CVE-2015-0852

Severity Score

5.0

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.

Vulnerabilidades de desbordamientos de entero múltiple en PluginPCX.cpp en FreeImage 3.17.0 y versiones anteriores, permite a atacantes remotos provocar una denegación de servicio (corrupción de la memoria dinámica) a través de vectores relacionados con el alto y ancho de una ventana.

*Credits: N/A

CVSS Scores

NISTv2 5.0

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-01-07 CVE Reserved
2015-09-29 CVE Published
2023-12-30 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-189: Numeric Errors

CAPEC

References (11)

URL	Tag	Source
http://www.securitytracker.com/id/1034077	Vdb Entry
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-September/167766.html	2019-01-16
http://www.openwall.com/lists/oss-security/2015/08/28/1	2019-01-16
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=797165	2019-01-16

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172491.html	2019-01-16
http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172583.html	2019-01-16
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168000.html	2019-01-16
http://lists.fedoraproject.org/pipermail/package-announce/2015-October/168023.html	2019-01-16
http://www.debian.org/security/2015/dsa-3392	2019-01-16
https://security.gentoo.org/glsa/201701-68	2019-01-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Freeimage Project Search vendor "Freeimage Project"		Freeimage Search vendor "Freeimage Project" for product "Freeimage"				<= 3.17.0 Search vendor "Freeimage Project" for product "Freeimage" and version " <= 3.17.0"		-		Affected