CVE-2023-47994
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2023-47994 is an integer overflow vulnerability discovered in the LoadPixelDataRLE4 function of PluginBMP.cpp in Freeimage 3.18.0. This issue permits attackers to manipulate input data, resulting in memory corruption. The exploitation of this vulnerability can lead to the disclosure of sensitive information, a denial of service, or even the execution of arbitrary code. This security flaw poses a significant risk to systems that utilize Freeimage 3.18.0 and could potentially be exploited for malicious purposes. It is highly recommended that users upgrade to a patched version of Freeimage as soon as possible.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.