Aggregates CVE and security vulnerability intelligence across all freeimage_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk memory corruption and related problems; some flaws may lead to vendor impact application crash and vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-70968 | FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). | [email protected] | 9.8 | 0.06% | 2026-01-14 | 2026-01-23 |
| CVE-2025-65803 | An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file. | [email protected] | 6.5 | 0.06% | 2025-12-10 | 2025-12-17 |
| CVE-2024-9029 | A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service. | [email protected] | 7.5 | 0.21% | 2024-09-27 | 2025-08-08 |
| CVE-2024-31570 | libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. | [email protected] | 9.8 | 0.30% | 2024-09-19 | 2024-09-25 |
| CVE-2024-28584 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format. | [email protected] | 3.3 | 0.03% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28583 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format. | [email protected] | 7.8 | 0.09% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28582 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format. | [email protected] | 8.4 | 0.06% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28581 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format. | [email protected] | 8.4 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28580 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format. | [email protected] | 8.4 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28579 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format. | [email protected] | 6.2 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28578 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format. | [email protected] | 8.4 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28577 | Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format. | [email protected] | 5.5 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28576 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format. | [email protected] | 5.5 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28575 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format. | [email protected] | 6.2 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28574 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format. | [email protected] | 6.2 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28573 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format. | [email protected] | 6.2 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28572 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format. | [email protected] | 6.2 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28571 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format. | [email protected] | 5.5 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28570 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format. | [email protected] | 5.5 | 0.05% | 2024-03-20 | 2025-03-28 |
| CVE-2024-28569 | Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format. | [email protected] | 7.8 | 0.06% | 2024-03-20 | 2025-03-28 |