Recent changes to bugs

CVE-2025-65803: Heap Buffer Overflow DoS Vulnerability in FreeImage (psdParser::ReadImageData)

Salvatore Bonaccorso — Fri, 12 Dec 2025 20:14:18 -0000

There is in https://gist.github.com/1mxml/cabd6d972557d9d992fe5f4f6ca1dd87 a report about heap-based buffer overflow in psdParser::ReadImageData and has CVE-2025-65803 assigned.

It might be a duplicate of CVE-2024-28565 which was forwarded as https://sourceforge.net/p/freeimage/bugs/366/

GCC 14 build fixes

Thomas Petazzoni — Mon, 08 Sep 2025 17:53:46 -0000

libfreeimage fails to build with GCC 14+ compilers due to issues in the bundled libjxr library. Debian's libjxr library has some fixes:
https://sources.debian.org/patches/jxrlib/1.2~git20170615.f752187-5.3/0013-jxrlib-ftbfs-with-GCC-14.patch/
https://sources.debian.org/patches/jxrlib/1.2~git20170615.f752187-5.3/0015-FTBFS-fix-for-function-prototype-error.patch/
which are needed to get the build working.

[Workaround] Build with GCC 14 fails with `gzlib.c:14:17: error: implicit declaration of function ‘lseek’; did you mean ‘fseek’? [-Wimplicit-function-declaration]`.

Drei Eck — Tue, 04 Mar 2025 20:46:37 -0000

Trying to build the latest release (version 3.18.0) with GCC version 14.2.1 fails with
gzlib.c:14:17: error: implicit declaration of function ‘lseek’; did you mean ‘fseek’? [-Wimplicit-function-declaration]:

[...]
gcc -march=i686 -m32 -march=native -mtune=native -O3 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection -w -flto=auto -O3 -fPIC -fvisibility=hidden -DNO_LCMS -DOPJ_STATIC -DNO_LCMS -DDISABLE_PERF_MEASUREMENT -D__ANSI__ -I. -ISource -ISource/Metadata -ISource/FreeImageToolkit -ISource/LibJPEG -ISource/LibPNG -ISource/LibTIFF4 -ISource/ZLib -ISource/LibOpenJPEG -ISource/OpenEXR -ISource/OpenEXR/Half -ISource/OpenEXR/Iex -ISource/OpenEXR/IlmImf -ISource/OpenEXR/IlmThread -ISource/OpenEXR/Imath -ISource/OpenEXR/IexMath -ISource/LibRawLite -ISource/LibRawLite/dcraw -ISource/LibRawLite/internal -ISource/LibRawLite/libraw -ISource/LibRawLite/src -ISource/LibWebP -ISource/LibJXR -ISource/LibJXR/common/include -ISource/LibJXR/image/sys -ISource/LibJXR/jxrgluelib -fPIC -c Source/ZLib/zutil.c -o Source/ZLib/zutil.o
Source/ZLib/gzlib.c: In function ‘gz_open’:
Source/ZLib/gzlib.c:14:17: error: implicit declaration of function ‘lseek’; did you mean ‘fseek’? [-Wimplicit-function-declaration]
   14 | #  define LSEEK lseek
      |                 ^~~~~
Source/ZLib/gzlib.c:252:9: note: in expansion of macro ‘LSEEK’
  252 |         LSEEK(state->fd, 0, SEEK_END);  /* so gzoffset() is correct */
      |         ^~~~~
Source/ZLib/gzwrite.c: In function ‘gz_comp’:
Source/ZLib/gzwrite.c:89:20: error: implicit declaration of function ‘write’; did you mean ‘fwrite’? [-Wimplicit-function-declaration]
   89 |             writ = write(state->fd, strm->next_in, put);
      |                    ^~~~~
      |                    fwrite
Source/ZLib/gzwrite.c: In function ‘gzclose_w’:
Source/ZLib/gzwrite.c:661:9: error: implicit declaration of function ‘close’; did you mean ‘pclose’? [-Wimplicit-function-declaration]
  661 |     if (close(state->fd) == -1)
      |         ^~~~~
      |         pclose
gcc -march=i686 -m32 -march=native -mtune=native -O3 -pipe -fno-plt -fexceptions -Wp,-D_FORTIFY_SOURCE=2 -fstack-clash-protection -fcf-protection -w -flto=auto -O3 -fPIC -fvisibility=hidden -DNO_LCMS -DOPJ_STATIC -DNO_LCMS -DDISABLE_PERF_MEASUREMENT -D__ANSI__ -I. -ISource -ISource/Metadata -ISource/FreeImageToolkit -ISource/LibJPEG -ISource/LibPNG -ISource/LibTIFF4 -ISource/ZLib -ISource/LibOpenJPEG -ISource/OpenEXR -ISource/OpenEXR/Half -ISource/OpenEXR/Iex -ISource/OpenEXR/IlmImf -ISource/OpenEXR/IlmThread -ISource/OpenEXR/Imath -ISource/OpenEXR/IexMath -ISource/LibRawLite -ISource/LibRawLite/dcraw -ISource/LibRawLite/internal -ISource/LibRawLite/libraw -ISource/LibRawLite/src -ISource/LibWebP -ISource/LibJXR -ISource/LibJXR/common/include -ISource/LibJXR/image/sys -ISource/LibJXR/jxrgluelib -fPIC -c Source/LibOpenJPEG/bio.c -o Source/LibOpenJPEG/bio.o
make[1]: *** [Makefile.gnu:61: Source/ZLib/gzlib.o] Error 1
make[1]: *** Waiting for unfinished jobs....
make[1]: *** [Makefile.gnu:61: Source/ZLib/gzwrite.o] Error 1
Source/ZLib/gzread.c: In function ‘gz_load’:
Source/ZLib/gzread.c:35:15: error: implicit declaration of function ‘read’; did you mean ‘fread’? [-Wimplicit-function-declaration]
   35 |         ret = read(state->fd, buf + *have, get);
      |               ^~~~
      |               fread
Source/ZLib/gzread.c: In function ‘gzclose_r’:
Source/ZLib/gzread.c:651:11: error: implicit declaration of function ‘close’; did you mean ‘pclose’? [-Wimplicit-function-declaration]
  651 |     ret = close(state->fd);
      |           ^~~~~
      |           pclose
make[1]: *** [Makefile.gnu:61: Source/ZLib/gzread.o] Error 1
make[1]: Leaving directory '/var/cache/makepkg/build/lib32-freeimage/src/FreeImage'

A workaround is to add -Wno-error=implicit-function-declaration to CFLAGS/ CXXFLAGS environment variable, but it should be fixed in the source code.

Also warnings are generated.

Regards!

Potential regression in LoadPixelDataRLE8 since 3.19.0

tbeu — Mon, 30 Dec 2024 13:19:35 -0000

I reported first in https://github.com/danoli3/FreeImage/issues/23, but only later I observed that r-1332 introduced the potential regression.

Thank you and sorry for cross-posting.

#386 CVE-2024-31570: stack-based buffer overflow in the PluginXPM.cpp Load function when handling XPM files

Santiago R.R. — Tue, 08 Oct 2024 14:19:36 -0000

This is probably a duplicate of #355 (it is currently private, and I don't have access to it)

CVE-2024-31570: stack-based buffer overflow in the PluginXPM.cpp Load function when handling XPM files

Santiago R.R. — Mon, 07 Oct 2024 21:47:46 -0000

In FreeImage library version 3.19.0 [r1909], when reading images in XPM format, the Load() function has a stack overflow write vulnerability, which may lead to a command execution.

The aim of this ticket is to forward upstream the vulnerabilities published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909.
Please see there for more details.

CVE-2024-28584: Null Pointer Dereference in J2KImageToFIBITMAP()

Santiago R.R. — Mon, 07 Oct 2024 21:00:58 -0000

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.

The aim of this ticket is to forward upstream the vulnerabilities published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909.
Please see there for more details.

CVE-2024-28583: Buffer Overflow in readLine() when reading XPM images

Santiago R.R. — Mon, 07 Oct 2024 21:00:25 -0000

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.

The aim of this ticket is to forward upstream the vulnerabilities published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909.
Please see there for more details.

CVE-2024-28582: Buffer Overflow in rgbe_RGBEToFloat()

Santiago R.R. — Mon, 07 Oct 2024 20:59:51 -0000

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.

The aim of this ticket is to forward upstream the vulnerabilities published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909.
Please see there for more details.

CVE-2024-28581: Buffer Overflow in _assignPixel() relating to TARGA images

Santiago R.R. — Mon, 07 Oct 2024 20:59:23 -0000

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel() function when reading images in TARGA format.

The aim of this ticket is to forward upstream the vulnerabilities published at
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909.
Please see there for more details.