Denial of Service Vulnerability in FreeImage by FreeImage Project
CVE-2023-47995

6.5MEDIUM

Key Information:

Vendor

Freeimage Project

Status
Freeimage
Vendor
CVE Published:
9 January 2024

What is CVE-2023-47995?

A memory allocation issue has been identified in FreeImage 3.18.0, specifically in the function BitmapAccess.cpp::FreeImage_AllocateBitmap. This vulnerability enables attackers to exploit excessive size values during memory allocation processes, leading to potential denial of service conditions. If exploited, it can cause the application to crash or become unresponsive, impacting the usability of applications relying on FreeImage for image processing. Users are encouraged to update to the latest version to mitigate risks associated with this vulnerability.

References

https://github.com/thelastede/FreeImage-cve-poc/tree/mast...
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.