PT-2019-12700 · Freeimage +1

Taolaw · Published 2019-05-20 · Updated 2020-08-24

CVE-2019-12212
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: FreeImage version 3.18.0

Description: When FreeImage processes a specially crafted JXR file, the StreamCalcIFDSize function in JXRMeta.c calls itself recursively without bound because the file's IFD structure is not validated, and the process dies of stack exhaustion. An attacker who can get such a file processed can therefore cause a remote denial of service.

Recommendations: For FreeImage version 3.18.0, avoid code paths that reach the StreamCalcIFDSize function in JXRMeta.c until a patch is available, or do not process untrusted JXR files, to minimize the risk of exploitation.
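The failure mode above, as an added illustration that is not FreeImage's code and not the real JXR/TIFF layout: a toy IFD walker in C whose sub-IFD offsets can point back to an IFD already on the current path, with the three checks a parser needs to stay off the stack-exhaustion path (bounds-checked reads, a nesting cap, and a record of offsets already entered). The entry layout, tag numbers, limits and sample inputs are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example, not FreeImage code. Constructed IFD layout (hypothetical):
 * an IFD is a little-endian u16 entry count followed by `count` entries of
 * { u16 tag; u32 value }. Tag 0x0001 carries the byte offset of a nested
 * sub-IFD. A walker that follows that offset recursively with no depth cap
 * and no memory of offsets already entered recurses forever on an offset
 * that points back at an IFD on the current path and exhausts the stack. */

#define TAG_SUBIFD    0x0001u
#define MAX_IFD_DEPTH 8      /* assumed limit; real formats nest shallowly */
#define MAX_IFDS      64

enum { IFD_OK = 0, IFD_ERR_TRUNC = -1, IFD_ERR_DEPTH = -2, IFD_ERR_CYCLE = -3 };

static int rd16(const uint8_t *b, size_t len, size_t off, uint16_t *out)
{
    if (off > len || len - off < 2) return 0;
    *out = (uint16_t)(b[off] | (b[off + 1] << 8));
    return 1;
}

static int rd32(const uint8_t *b, size_t len, size_t off, uint32_t *out)
{
    if (off > len || len - off < 4) return 0;
    *out = (uint32_t)b[off] | ((uint32_t)b[off + 1] << 8)
         | ((uint32_t)b[off + 2] << 16) | ((uint32_t)b[off + 3] << 24);
    return 1;
}

struct walk_state {
    size_t seen[MAX_IFDS];  /* offsets of IFDs entered so far (cycle check) */
    size_t nseen;
    size_t entries;         /* entries visited, reported to the caller */
};

/* Hardened walk: every read is bounds-checked, nesting is capped, and an
 * offset already entered is rejected instead of being followed again. */
static int walk_ifd(const uint8_t *b, size_t len, size_t off, int depth,
                    struct walk_state *st)
{
    if (depth > MAX_IFD_DEPTH || st->nseen == MAX_IFDS) return IFD_ERR_DEPTH;
    for (size_t i = 0; i < st->nseen; i++)
        if (st->seen[i] == off) return IFD_ERR_CYCLE;
    st->seen[st->nseen++] = off;

    uint16_t count;
    if (!rd16(b, len, off, &count)) return IFD_ERR_TRUNC;
    size_t pos = off + 2;
    for (uint16_t i = 0; i < count; i++, pos += 6) {
        uint16_t tag;
        uint32_t val;
        if (!rd16(b, len, pos, &tag) || !rd32(b, len, pos + 2, &val))
            return IFD_ERR_TRUNC;
        st->entries++;
        if (tag == TAG_SUBIFD) {
            int rc = walk_ifd(b, len, (size_t)val, depth + 1, st);
            if (rc != IFD_OK) return rc;
        }
    }
    return IFD_OK;
}

/* Returns the number of entries visited on success, else a negative code. */
int parse_ifd_tree(const uint8_t *b, size_t len)
{
    struct walk_state st = {{0}, 0, 0};
    int rc = walk_ifd(b, len, 0, 0, &st);
    return rc == IFD_OK ? (int)st.entries : rc;
}

/* Constructed input 1: the sub-IFD offset points back to offset 0 (itself). */
static const uint8_t SELF_REF[] = {
    0x01, 0x00,                          /* count = 1 */
    0x01, 0x00, 0x00, 0x00, 0x00, 0x00,  /* TAG_SUBIFD -> offset 0 */
};

/* Constructed input 2: root IFD (14 bytes) with a plain entry and a link
 * to a well-formed sub-IFD at offset 14 holding one plain entry. */
static const uint8_t NESTED[] = {
    0x02, 0x00,                          /* count = 2 */
    0x10, 0x00, 0x2A, 0x00, 0x00, 0x00,  /* tag 0x0010, value 42 */
    0x01, 0x00, 0x0E, 0x00, 0x00, 0x00,  /* TAG_SUBIFD -> offset 14 */
    0x01, 0x00,                          /* sub-IFD: count = 1 */
    0x11, 0x00, 0x07, 0x00, 0x00, 0x00,  /* tag 0x0011, value 7 */
};

int check_self_ref(void)  { return parse_ifd_tree(SELF_REF, sizeof SELF_REF); }
int check_nested(void)    { return parse_ifd_tree(NESTED, sizeof NESTED); }
int check_truncated(void) { return parse_ifd_tree(NESTED, 10); } /* cut mid-entry */

/* Constructed input 3: a chain of n IFDs, each 8 bytes and linking to the
 * next; a long enough chain trips the depth cap instead of the stack. */
int check_chain(int n)
{
    uint8_t buf[8 * 32];
    if (n < 1 || n > 32) return IFD_ERR_TRUNC;
    for (int i = 0; i < n; i++) {
        size_t o = 8 * (size_t)i;
        int last = (i + 1 == n);
        uint32_t v = last ? 0 : (uint32_t)(o + 8);
        buf[o] = 1;  buf[o + 1] = 0;                      /* count = 1 */
        buf[o + 2] = last ? 0x10 : 0x01;  buf[o + 3] = 0; /* tag */
        buf[o + 4] = (uint8_t)v;          buf[o + 5] = (uint8_t)(v >> 8);
        buf[o + 6] = (uint8_t)(v >> 16);  buf[o + 7] = (uint8_t)(v >> 24);
    }
    return parse_ifd_tree(buf, 8 * (size_t)n);
}

int main(void)
{
    printf("self-ref: %d  nested: %d  truncated: %d  chain(12): %d  chain(5): %d\n",
           check_self_ref(), check_nested(), check_truncated(),
           check_chain(12), check_chain(5));
    return 0;
}
```

The self-referencing input is rejected with IFD_ERR_CYCLE on the second visit to offset 0, the twelve-IFD chain stops with IFD_ERR_DEPTH at the cap rather than consuming stack, and the two well-formed inputs walk to completion. For a real parser the depth cap and the visited-offset set are the cheap part; the bounds-checked reads are what keep a truncated file from turning into an out-of-bounds read instead.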

Exploit · Fix · DoS · Uncontrolled Recursion


Weakness Enumeration

Related Identifiers: CVE-2019-12212

Affected Products: Debian, Freeimage