CVE-2022-4988
7.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.
Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| KMX | Alien::FreeImage | 0 <= 1.001 | affected |
Weaknesses
- CWE-1395: CWE-1395 Dependency on Vulnerable Third-Party Component
Workarounds
The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities.
Users are advised to use alternatives.
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: partial
References
- https://freeimage.sourceforge.io/
- https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source
- https://nvd.nist.gov/vuln/detail/CVE-2015-0852
- https://nvd.nist.gov/vuln/detail/CVE-2025-65803
- https://github.com/kmx/alien-freeimage/issues/4
- https://github.com/kmx/alien-freeimage/issues/5
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.