Alexander-Wilms
commented
2 months ago For completeness' sake, in the Ogre issue, someone linked to https://github.com/agruzdev/FreeImageRe
https://github.com/OGRECave/ogre/issues/3069#issuecomment-2030300403
But it's not yet clear whether these issues have been fixed already in the fork.
Eonfge
main 2 I think is the most important to point out
both of these can run arbitrary code one of them being from the BMP plugin so I am assuming a person could get a user to load a malicious BMP or a file with a malicious bpm inside of it
Free Image should either be forked and fixed asap or abandoned for a different library
active project i could find that use freeimage https://github.com/sirjuddington/SLADE https://github.com/TrenchBroom/TrenchBroom https://github.com/RetroPie/EmulationStation https://github.com/MonoGame/MonoGame https://github.com/meganz/MEGAsync https://github.com/OGRECave/ogre https://github.com/OGRECave/ogre-next https://github.com/Open-Cascade-SAS/OCCT https://github.com/arrayfire/forge https://git.sr.ht/~exec64/imv https://github.com/arrayfire/arrayfire
Free Image v3.18.0
[CVE-2021-33367] (https://nvd.nist.gov/vuln/detail/CVE-2021-33367)
Buffer Overflow vulnerability in Freeimage v3.18.0 allows attacker to cause a denial of service via a crafted JXR file.[CVE-2023-47992] (https://nvd.nist.gov/vuln/detail/CVE-2023-47992)
An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code.[CVE-2023-47993] (https://nvd.nist.gov/vuln/detail/CVE-2023-47993)
A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service.[CVE-2023-47994] (https://nvd.nist.gov/vuln/detail/CVE-2023-47994)
An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.[CVE-2023-47995] (https://nvd.nist.gov/vuln/detail/CVE-2023-47995)
Memory Allocation with Excessive Size Value discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service.[CVE-2023-47996] (https://nvd.nist.gov/vuln/detail/CVE-2023-47996)
An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service.Free Image before v1.18.0
[CVE-2021-40262] (https://nvd.nist.gov/vuln/detail/CVE-2021-40262)
A stack exhaustion issue was discovered in FreeImage before 1.18.0 via the Validate function in PluginRAW.cpp.[CVE-2021-40263] (https://nvd.nist.gov/vuln/detail/CVE-2021-40263)
A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.[CVE-2021-40264] (https://nvd.nist.gov/vuln/detail/CVE-2021-40264)
NULL pointer dereference vulnerability in FreeImage before 1.18.0 via the FreeImage_CloneTag function inFreeImageTag.cpp.[CVE-2021-40265] (https://nvd.nist.gov/vuln/detail/CVE-2021-40265)
A heap overflow bug exists FreeImage before 1.18.0 via ofLoad function in PluginJPEG.cpp.[CVE-2021-40266] (https://nvd.nist.gov/vuln/detail/CVE-2021-40266)
FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerabile to null pointer dereference.