CVE-2020-24293

HIGH

FreeImage <3.19.0 - RCE

Title source: llm

Description

Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.

References (3)

Core 3

Core References

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6GKMK74POW3RU7F4HLUJE7XEFLQDO35/

Mailing List, Third Party Advisory vendor-advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HFRQ76ZDPSWT7OH6FJDLSFWBXVBE6JDN/

Exploit

https://sourceforge.net/p/freeimage/discussion/36111/thread/afb98701eb/

Scores

CVSS v3 8.8

EPSS 0.0121

EPSS Percentile 79.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-120

Status published

Products (1)

freeimage_project/freeimage 3.19.0

Published Aug 22, 2023

Tracked Since Feb 18, 2026