CVE-2024-31570

libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CISA-ADP | ADP | 9.8 CRITICAL | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |

EPSS Score percentile: 44%

| Vendor | Product | Version |
|---|---|---|
| freeimage_project | freeimage | 3.4.0 ≤ 𝑥 ≤ 3.18.0 |

𝑥 = Vulnerable software versions
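
Debian Releases

| Debian Product | Codename | Status |
|---|---|---|
| freeimage | bullseye (security) | vulnerable |
| freeimage | bullseye | postponed |
| freeimage | bookworm | no-dsa |
| freeimage | bookworm (security) | vulnerable |
| freeimage | sid | vulnerable |
| freeimage | trixie | vulnerable |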
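
Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| freeimage | plucky | deferred |
| freeimage | oracular | deferred |
| freeimage | noble | deferred |
| freeimage | mantic | ignored |
| freeimage | jammy | deferred |
| freeimage | focal | deferred |
| freeimage | bionic | deferred |
| freeimage | xenial | deferred |
| freeimage | trusty | deferred |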