CVE-2015-0852
freeimage - security update
EPSS 2.2%
Description
Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.
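The underflow class described above, shown as an added example (not FreeImage's code, which this page does not show): it assumes the "window" is the PCX header rectangle Xmin/Ymin/Xmax/Ymax at offsets 4 to 11, where an unchecked `Xmax - Xmin + 1` wraps when Xmax < Xmin. The helper names, the constructed sample header and the pixel limit are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define PCX_HEADER_SIZE 128
#define PCX_MAX_PIXELS (1u << 26) /* assumed policy limit, not a FreeImage value */

/* PCX header fields are little-endian 16-bit values. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }

/* Unchecked form, for contrast: the result wraps when Xmax < Xmin. */
uint32_t pcx_unchecked_width(const uint8_t *hdr)
{
    return (uint32_t)(rd16(hdr + 8) - rd16(hdr + 4) + 1);
}

/* Checked form (hypothetical helper): 0 on success, -1 if the header is rejected. */
int pcx_checked_dims(const uint8_t *hdr, size_t len, uint32_t *w, uint32_t *h)
{
    if (!hdr || !w || !h || len < PCX_HEADER_SIZE || hdr[0] != 0x0A) return -1;
    uint16_t xmin = rd16(hdr + 4), ymin = rd16(hdr + 6);
    uint16_t xmax = rd16(hdr + 8), ymax = rd16(hdr + 10);
    if (xmax < xmin || ymax < ymin) return -1;      /* subtraction would underflow */
    uint32_t width = (uint32_t)(xmax - xmin) + 1u;
    uint32_t height = (uint32_t)(ymax - ymin) + 1u;
    if ((uint64_t)width * height > PCX_MAX_PIXELS) return -1;
    uint8_t bpp = hdr[3];                           /* bits per pixel, per plane */
    if (bpp != 1 && bpp != 2 && bpp != 4 && bpp != 8) return -1;
    /* bytes-per-line (offset 66) must cover one full row of the window */
    if ((uint64_t)rd16(hdr + 66) * 8u < (uint64_t)width * bpp) return -1;
    *w = width; *h = height;
    return 0;
}

/* Constructed sample header for the demo (8 bpp, 1 plane); not a real file. */
void pcx_sample_header(uint8_t hdr[PCX_HEADER_SIZE], uint16_t xmin, uint16_t ymin,
                       uint16_t xmax, uint16_t ymax)
{
    memset(hdr, 0, PCX_HEADER_SIZE);
    hdr[0] = 0x0A; hdr[1] = 5; hdr[2] = 1; hdr[3] = 8; hdr[65] = 1;
    wr16(hdr + 4, xmin); wr16(hdr + 6, ymin); wr16(hdr + 8, xmax); wr16(hdr + 10, ymax);
    wr16(hdr + 66, (uint16_t)(xmax >= xmin ? ((xmax - xmin + 2) & ~1) : 2));
}

int main(void)
{
    uint8_t hdr[PCX_HEADER_SIZE]; uint32_t w = 0, h = 0;
    pcx_sample_header(hdr, 10, 0, 5, 7);            /* Xmax < Xmin */
    printf("unchecked width=%u, checked result=%d\n",
           (unsigned)pcx_unchecked_width(hdr), pcx_checked_dims(hdr, sizeof hdr, &w, &h));
    return 0;
}
```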
How to fix CVE-2015-0852
To remediate CVE-2015-0852, upgrade the affected package to one of the fixed versions listed below.
- Debian/freeimage—upgrade to 3.15.4-5 or later
- Debian/freeimage—upgrade to 3.10.0-4+deb6u1 or later
- Debian/freeimage—upgrade to 3.15.1-1.1 or later
Is CVE-2015-0852 being exploited?
Low — EPSS is 2.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 3.15.4-5
- from 0, < 3.10.0-4+deb6u1
- from 0, < 3.15.1-1.1