CVE-2019-12212

Published: May 20, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing stack exhaustion. An attacker can achieve a remote denial of service attack by sending a specially constructed file.

Affected (1)

Products: Freeimage Project: Freeimage

Freeimage Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Freeimage Project Freeimage	Version 3.18.0

Related CWEs

Uncontrolled Recursion

The product does not properly control the amount of recursion that takes place, consuming excessive resources, such as allocated memory or the program stack.

References (2)

https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/

Source: cve@mitre.org

ExploitThird Party Advisory

https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.