Buffer Overflow Vulnerability in FreeImage Plugin by FreeImage
CVE-2020-24292

8.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-24292?

A buffer overflow vulnerability exists in the load function of PluginICO.cpp in FreeImage version 3.19.0 [r1859]. This issue allows remote attackers to exploit the vulnerability by crafting specific ICO files, which when opened, can lead to arbitrary code execution on the victim's system. This highlights the importance of validating file inputs and implementing robust security measures in software development.

References

https://sourceforge.net/p/freeimage/discussion/36111/thre...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.