CVE-2020-24292

HIGH

FreeImage 3.19.0 - Buffer Overflow

Title source: llm

Description

Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.

References (3)

Core 3

Core References

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6GKMK74POW3RU7F4HLUJE7XEFLQDO35/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFRQ76ZDPSWT7OH6FJDLSFWBXVBE6JDN/

Exploit

https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/

Scores

CVSS v3 8.8

EPSS 0.0151

EPSS Percentile 81.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

freeimage_project/freeimage 3.19.0

Published Aug 22, 2023

Tracked Since Feb 18, 2026