CVE-2020-21427

HIGH7.8EPSS 1.2%

freeimage - security update

Published: 8/22/2023Modified: 4/28/2026

Also known as:DEBIAN-CVE-2020-21427

Description

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

Affected packages (3)

Debian/freeimagefrom 0, < 3.18.0+ds2-6+deb11u1
Debian/freeimagefrom 0, < 3.18.0+ds2-1+deb10u2
Debian/freeimagefrom 0, < 3.18.0+ds2-6+deb11u1

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2020-21427