Vulnerabilities > CVE-2015-0852 - Numeric Errors vulnerability in Freeimage Project Freeimage 3.17.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
freeimage-project
CWE-189
nessus

Summary

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

Vulnerable Configurations

Part Description Count
Application
Freeimage_Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-16105.NASL
    descriptionThis update resolves CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-10-02
    plugin id86237
    published2015-10-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86237
    titleFedora 22 : freeimage-3.10.0-23.fc22 (2015-16105)
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_33459061A1D611E58794BCAEC565249C.NASL
    descriptionPcheng pcheng reports : An integer overflow issue in the FreeImage project was reported and fixed recently.
    last seen2020-06-01
    modified2020-06-02
    plugin id87361
    published2015-12-15
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/87361
    titleFreeBSD : freeimage -- multiple integer overflows (33459061-a1d6-11e5-8794-bcaec565249c)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-327.NASL
    descriptionMultiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-10-19
    plugin id86428
    published2015-10-19
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86428
    titleDebian DLA-327-1 : freeimage security update
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-DECBAB7C9F.NASL
    descriptionUpdate to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update also includes a patch for CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89438
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89438
    titleFedora 23 : mingw-freeimage-3.17.0-1.fc23 (2015-decbab7c9f)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-3392.NASL
    descriptionPengsu Cheng discovered that FreeImage, a library for graphic image formats, contained multiple integer underflows that could lead to a denial of service: remote attackers were able to trigger a crash by supplying a specially crafted image.
    last seen2020-06-01
    modified2020-06-02
    plugin id86727
    published2015-11-05
    reporterThis script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/86727
    titleDebian DSA-3392-1 : freeimage - security update
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201701-68.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201701-68 (FreeImage: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in in FreeImage. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, by enticing a user to process a specially crafted image file, could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id96854
    published2017-01-30
    reporterThis script is Copyright (C) 2017 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/96854
    titleGLSA-201701-68 : FreeImage: Multiple vulnerabilities
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-992342E82F.NASL
    descriptionThis update fixes CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-04
    plugin id89334
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/89334
    titleFedora 22 : mingw-freeimage-3.15.4-6.fc22 (2015-992342e82f)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-16106.NASL
    descriptionUpdate to version 3.17.0, see http://freeimage.sourceforge.net/news.html for details. This update includes a patch for CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-09-28
    plugin id86173
    published2015-09-28
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86173
    titleFedora 23 : freeimage-3.17.0-1.fc23 (2015-16106)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2015-16104.NASL
    descriptionThis update resolves CVE-2015-0852. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2015-10-02
    plugin id86236
    published2015-10-02
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/86236
    titleFedora 21 : freeimage-3.10.0-23.fc21 (2015-16104)