Buffer Overflow Vulnerability in Freeimage by Freeimage Project
CVE-2021-33367

5.5MEDIUM

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
22 February 2023

What is CVE-2021-33367?

A buffer overflow vulnerability exists in Freeimage version 3.18.0, which can be exploited by an attacker sending a specially crafted JXR file. This flaw can lead to unexpected behavior, including potential denial of service, as the application may attempt to process the malicious file without adequate bounds checking. Users are advised to exercise caution and consider updating to a patched version to maintain the integrity and availability of their systems.

References

https://sourceforge.net/p/freeimage/discussion/36109/thre...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.