Main Vulnerability Database Vulnerabilities #VU80064

Buffer overflow in FreeImage - CVE-2020-21426

Published: August 29, 2023 / Updated: August 29, 2023

Vulnerability identifier: #VU80064

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2020-21426

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeImage

Software vendor:
FreeImage

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the C_IStream::read(0 function in PluginEXR.cpp. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Remediation

Install update from SVN repository.

External links

https://sourceforge.net/p/freeimage/bugs/300/

Buffer overflow in FreeImage - CVE-2020-21426

Description

Remediation

External links

Please verify you're human