CVE-2020-21427

CVE-2020-21427

Name

CVE-2020-21427

Description

Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://sourceforge.net/p/freeimage/bugs/298/
cve@mitre.org	https://lists.debian.org/debian-lts-announce/2023/11/msg00020.html
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/
cve@mitre.org	https://www.debian.org/security/2023/dsa-5579

Type

URI

MISC

https://sourceforge.net/p/freeimage/bugs/298/

cve@mitre.org

https://lists.debian.org/debian-lts-announce/2023/11/msg00020.html

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/

cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/

cve@mitre.org

https://www.debian.org/security/2023/dsa-5579

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:freeimage_project:freeimage:3.18.0:::::::*`	freeimage	== None	== 3.18.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:freeimage_project:freeimage:3.18.0:*:*:*:*:*:*:*

freeimage

== None

== 3.18.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
freeimage	edge-community	3.18.0-r5	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	edge-community	3.18.0-r4	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	edge-community	3.18.0-r3	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	edge-community	3.18.0-r2	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.23-community	3.18.0-r5	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.22-community	3.18.0-r5	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.22-community	3.18.0-r4	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.22-community	3.18.0-r2	None	possibly vulnerable
freeimage	3.20-community	3.18.0-r4	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.19-community	3.18.0-r4	Taner Tas <taner76@gmail.com>	possibly vulnerable
freeimage	3.18-community	3.18.0-r4	Taner Tas <taner76@gmail.com>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

freeimage

edge-community

3.18.0-r5

Taner Tas <taner76@gmail.com>

possibly vulnerable

freeimage

edge-community