Buffer Overflow Vulnerability in FreeImage Affects Users
CVE-2020-24293

8.8HIGH

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 August 2023

What is CVE-2020-24293?

A buffer overflow vulnerability exists in the psdThumbnail::Read function within PSDParser.cpp in FreeImage version 3.19.0. This vulnerability can be exploited by remote attackers to execute arbitrary code when a specially crafted PSD file is opened. Users of affected versions are encouraged to update to patched releases to mitigate the risk of exploitation.

References

https://sourceforge.net/p/freeimage/discussion/36111/thre...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.