Null Pointer Dereference Vulnerability in FreeImage Software by FreeImage Developers
CVE-2021-40266

6.5 MEDIUM

Key Information:

Status
Vendor
CVE Published: 22 August 2023

What is CVE-2021-40266?

FreeImage versions prior to 1.18.0 contain a null pointer dereference in the ReadPalette function in PluginTIFF.cpp. The flaw may lead to unintended application behavior or crashes. Users of affected versions should consider updating to the latest release to mitigate the risk.

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
