[Urgent security issue] FreeImage arbitrary code execution vulnerability #437
Comments
|
Thanks for reporting this issue. We've recently moved to FreeImageRe by default to address the issue of FreeImage being stale for years and unaddressed vulnerabilities. Fortunately most use-cases (but not all of them) of OgreNext involve only loading images from trusted sources; but nonetheless they should be addressed. If I read correctly CVE-2023-47994 & CVE-2023-47992 do not propose a fix or patch? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
main 2 I think is the most important to point out
both of these can run arbitrary code one of them being from the BMP plugin
so I am assuming a person could get a user to load a malicious BMP or a file with a malicious bpm inside of it
Free Image should either be forked and fixed asap or abandoned for a different library
active project i could find that use freeimage
https://github.com/sirjuddington/SLADE
https://github.com/TrenchBroom/TrenchBroom
https://github.com/RetroPie/EmulationStation
https://github.com/MonoGame/MonoGame
https://github.com/meganz/MEGAsync
https://github.com/OGRECave/ogre
https://github.com/OGRECave/ogre-next
https://github.com/Open-Cascade-SAS/OCCT
https://github.com/arrayfire/forge
https://git.sr.ht/~exec64/imv
https://github.com/arrayfire/arrayfire
Free Image v3.18.0
[CVE-2021-33367] (https://nvd.nist.gov/vuln/detail/CVE-2021-33367)
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.[CVE-2023-47992] (https://nvd.nist.gov/vuln/detail/CVE-2023-47992)
An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.[CVE-2023-47993] (https://nvd.nist.gov/vuln/detail/CVE-2023-47993)
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.[CVE-2023-47994] (https://nvd.nist.gov/vuln/detail/CVE-2023-47994)
An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.[CVE-2023-47995] (https://nvd.nist.gov/vuln/detail/CVE-2023-47995)
Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.[CVE-2023-47996] (https://nvd.nist.gov/vuln/detail/CVE-2023-47996)
An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.Free Image before v1.18.0
[CVE-2021-40262] (https://nvd.nist.gov/vuln/detail/CVE-2021-40262)
A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.[CVE-2021-40263] (https://nvd.nist.gov/vuln/detail/CVE-2021-40263)
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.[CVE-2021-40264] (https://nvd.nist.gov/vuln/detail/CVE-2021-40264)
NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.[CVE-2021-40265] (https://nvd.nist.gov/vuln/detail/CVE-2021-40265)
A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.[CVE-2021-40266] (https://nvd.nist.gov/vuln/detail/CVE-2021-40266)
FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.The text was updated successfully, but these errors were encountered: