arrayfire / arrayfire

ArrayFire: a general purpose GPU library.

Home Page:https://arrayfire.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

[Urgent security issue] FreeImage arbitrary code execution vulnerability

lavenderdotpet opened this issue · comments

main 2 I think is the most important to point out

both of these can run arbitrary code one of them being from the BMP plugin
so I am assuming a person could get a user to load a malicious BMP or a file with a malicious bpm inside of it

Free Image should either be forked and fixed asap or abandoned for a different library

active project i could find that use freeimage
https://github.com/sirjuddington/SLADE
https://github.com/TrenchBroom/TrenchBroom
https://github.com/RetroPie/EmulationStation
https://github.com/MonoGame/MonoGame
https://github.com/meganz/MEGAsync
https://github.com/OGRECave/ogre
https://github.com/OGRECave/ogre-next
https://github.com/Open-Cascade-SAS/OCCT
https://github.com/arrayfire/forge
https://git.sr.ht/~exec64/imv
https://github.com/arrayfire/arrayfire

Free Image v3.18.0

Free Image before v1.18.0