[Urgent security issue] **FreeImage** arbitrary code execution vulnerability

[lavenderdotpet]

FreeImage has been seemingly abandoned and this is an issue for any project using this library do not close unless the arbitrary code execution vulnerability is fixed by remove freeimage from the project or if someone forks freeimage and the issues are fixed this is important

main 2 I think is the most important to point out

• [CVE-2023-47994]
• [CVE-2023-47992]

both of these can run arbitrary code one of them being from the BMP plugin so I am assuming a person could get a user to load a malicious BMP or a file with a malicious bpm inside of it

Free Image should either be forked and fixed asap or abandoned for a different library

active project i could find that use freeimage https://github.com/sirjuddington/SLADE https://github.com/TrenchBroom/TrenchBroom https://github.com/RetroPie/EmulationStation https://github.com/MonoGame/MonoGame https://github.com/meganz/MEGAsync https://github.com/OGRECave/ogre https://github.com/OGRECave/ogre-next https://github.com/Open-Cascade-SAS/OCCT https://github.com/arrayfire/forge https://git.sr.ht/~exec64/imv https://github.com/arrayfire/arrayfire

Free Image v3.18.0

• [CVE-2021-33367] (https://nvd.nist.gov/vuln/detail/CVE-2021-33367) Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.

• [CVE-2023-47992] (https://nvd.nist.gov/vuln/detail/CVE-2023-47992) An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.

• [CVE-2023-47993] (https://nvd.nist.gov/vuln/detail/CVE-2023-47993) A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.

• [CVE-2023-47994] (https://nvd.nist.gov/vuln/detail/CVE-2023-47994) An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.

• [CVE-2023-47995] (https://nvd.nist.gov/vuln/detail/CVE-2023-47995) Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.

• [CVE-2023-47996] (https://nvd.nist.gov/vuln/detail/CVE-2023-47996) An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.

Free Image before v1.18.0

• [CVE-2021-40262] (https://nvd.nist.gov/vuln/detail/CVE-2021-40262) A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.

• [CVE-2021-40263] (https://nvd.nist.gov/vuln/detail/CVE-2021-40263) A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.

• [CVE-2021-40264] (https://nvd.nist.gov/vuln/detail/CVE-2021-40264) NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.

• [CVE-2021-40265] (https://nvd.nist.gov/vuln/detail/CVE-2021-40265) A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.

• [CVE-2021-40266] (https://nvd.nist.gov/vuln/detail/CVE-2021-40266) FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.

[lavenderdotpet]

this has nothing to do with freetype https://github.com/RetroPie/EmulationStation/issues/871

[lavenderdotpet]

this cant be resolved with contacting distro maintainers this library isnt being maintained and is a security threat @cmitu

[cmitu]

Please don't spam the issue tracker.

[lavenderdotpet]

Please don't spam the issue tracker.

sorry for my actions was feeling very self righteous about it and i shouldnt have sorry again for the issues and thank you for your time