Skip to main content

Freeimage CVE-2023-47994

HIGH
Integer Overflow or Wraparound (CWE-190)
2024-01-09 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:34 vuln.today
PoC Detected
Jun 03, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Jan 09, 2024 - 23:15 nvd
HIGH 8.8

DescriptionCVE.org

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code.

AnalysisAI

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code. Affected products include: Freeimage Project Freeimage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

CVE-2025-70968 CRITICAL POC
9.8 Jan 14

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead t

CVE-2023-47992 HIGH POC
8.8 Jan 09

An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sen

CVE-2024-28582 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28581 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28580 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28578 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28566 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28583 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28569 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-9029 HIGH POC
7.5 Sep 27

A flaw was found in the freeimage library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-12214 HIGH POC
7.5 May 20

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j

CVE-2019-12212 HIGH POC
7.5 May 20

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due

Share

CVE-2023-47994 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy