CVE-2020-21428
CVE-2020-21428
Vexday Risk Score
8Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 3.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
22 Aug 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Affected products
n/a · n/aReferences
https://lists.debian.org/debian-lts-announce/2023/11/msg00020.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RUEK2JOVJBQZVNQIIZZO3JFMTVB4R5KS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGOMCRAANNCQYJYPPMGRQWKRZGIP6NME/https://sourceforge.net/p/freeimage/bugs/299/https://www.debian.org/security/2023/dsa-5579