Fluid Attacks Database

Description

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 13	freeimage	>=0 <3.15.4-5	3.15.4-5
debian 14	freeimage	>=0 <3.15.4-5	3.15.4-5
debian 12	freeimage	>=0 <3.15.4-5	3.15.4-5
debian 11	freeimage	>=0 <3.15.4-5	3.15.4-5

Aliases

1. CVE-2015-08522. NVD-2015-08523. OSV-DEBIAN-2015-08524. OSV-2015-08525. SECURITY-TRACKER-CVE-2015-0852

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.