Name of the Vulnerable Software and Affected Versions imageio (affected versions not specified)

Description The issue concerns the imageio library, which can download shared freeimage libraries from a GitHub repository. Since the code fetches directly from the master branch without verifying the integrity of the downloaded files, it poses a significant risk. If the repository is compromised, all prior versions of imageio would silently download and run arbitrary shared libraries on user systems.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.