Avscx

#8347of 53,624
32.9Total CVSS
Vulnerabilities · 4
Medium
1
High
3
PT-2023-11667
8.8
2023-08-22
Freeimage · Freeimage · CVE-2020-24292
**Name of the Vulnerable Software and Affected Versions** FreeImage version 3.19.0 **Description** A Buffer Overflow issue exists in the load function in PluginICO.cpp, allowing remote attackers to run arbitrary code via the opening of crafted ico files. **Recommendations** For FreeImage version 3.19.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-11668
8.8
2023-08-22
Freeimage · Freeimage · CVE-2020-24293
**Name of the Vulnerable Software and Affected Versions** FreeImage version 3.19.0 **Description** The issue allows remote attackers to run arbitrary code via the opening of a crafted psd file. This is due to a Buffer Overflow vulnerability in the `psdThumbnail::Read` function in `PSDParser.cpp`. **Recommendations** For FreeImage version 3.19.0, consider avoiding the use of the `psdThumbnail::Read` function until a patch is available. As a temporary workaround, restrict the opening of psd files from untrusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-11669
6.5
2023-08-22
Freeimage · Freeimage · CVE-2020-24294
**Name of the Vulnerable Software and Affected Versions** FreeImage version 3.19.0 **Description** The issue is related to a Buffer Overflow vulnerability in the `psdParser::UnpackRLE` function in `PSDParser.cpp`. This vulnerability allows remote attackers to cause a denial of service via the opening of a crafted psd file. **Recommendations** For FreeImage version 3.19.0, consider disabling the `psdParser::UnpackRLE` function until a patch is available to prevent potential exploitation. Restrict access to opening crafted psd files to minimize the risk of a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2023-11670
8.8
2023-08-22
Freeimage · Freeimage · CVE-2020-24295
**Name of the Vulnerable Software and Affected Versions** FreeImage version 3.19.0 **Description** The issue allows remote attackers to run arbitrary code via the use of a crafted psd file, exploiting a Buffer Overflow vulnerability in the `ReadImageLine()` function within `PSDParser.cpp`. **Recommendations** For FreeImage version 3.19.0, consider disabling the `ReadImageLine()` function in `PSDParser.cpp` as a temporary workaround until a patch is available. Restrict the use of crafted psd files to minimize the risk of exploitation.