CVE-2022-4988

Summary

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.

Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities.

Affected Software

VendorProductVersion RangeStatus
KMXAlien::FreeImage0 <= 1.001affected

Weaknesses

  • CWE-1395: CWE-1395 Dependency on Vulnerable Third-Party Component

Workarounds

The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities.

Users are advised to use alternatives.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References