Integer Overflow in FreeImage Software Affects Sensitive Information Handling
CVE-2023-47992
8.8 HIGH
What is CVE-2023-47992?
An integer overflow exists in the FreeImage library, specifically in the _MemoryReadProc function of FreeImageIO.cpp in version 3.18.0. Attackers can exploit it to gain unauthorized access to sensitive information, potentially compromising system integrity. The flaw also carries a risk of denial of service and allows execution of arbitrary code, which raises the threat to applications built on this widely used imaging library. Users and developers relying on FreeImage should take immediate steps to assess their exposure and apply necessary updates.
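The advisory does not show the faulty arithmetic. As an added illustration of the bug class (not FreeImage's code and not a reproduction of the actual defect; mem_stream, naive_check_allows and safe_mem_read are hypothetical names), this C sketch contrasts an fread-style bounds check whose size * count product wraps in 32 bits with a reader that bounds the copy by division.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical in-memory stream; field names are illustrative only. */
typedef struct {
    const unsigned char *data;
    size_t length;  /* total bytes in the buffer */
    size_t pos;     /* current read offset; invariant: pos <= length */
} mem_stream;

/* Flawed check: size * count is computed in 32 bits and wraps modulo 2^32,
   so a huge request can look small. Returns 1 if the check would let the
   read proceed. Deliberately performs no copy. */
int naive_check_allows(const mem_stream *s, uint32_t size, uint32_t count) {
    uint32_t total = size * count;
    return total <= s->length - s->pos;
}

/* Hardened fread-style read: copies only whole items that fit in the
   remaining data and returns how many were copied. dst must be able to
   hold the bytes the caller asked for. */
uint32_t safe_mem_read(void *dst, uint32_t size, uint32_t count, mem_stream *s) {
    if (!dst || !s || !s->data || size == 0 || count == 0) return 0;
    if (s->pos > s->length) return 0;       /* corrupted state: refuse */
    size_t remaining = s->length - s->pos;
    size_t items = remaining / size;        /* divide, never multiply first */
    if (items > count) items = count;
    size_t bytes = items * (size_t)size;    /* <= remaining, cannot wrap */
    memcpy(dst, s->data + s->pos, bytes);
    s->pos += bytes;
    return (uint32_t)items;
}

int main(void) {
    unsigned char src[16] = {0}, out[16];   /* constructed sample buffer */
    mem_stream s = { src, sizeof src, 0 };
    /* 0x10000 * 0x10000 == 2^32, which wraps to 0 in uint32_t. */
    printf("naive check allows oversized read: %d\n",
           naive_check_allows(&s, 0x10000u, 0x10000u));
    printf("safe reader items copied: %u\n",
           (unsigned)safe_mem_read(out, 0x10000u, 0x10000u, &s));
    return 0;
}
```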
