CVE-2023-47994

8.8 HIGH

📋 TL;DR

An integer overflow vulnerability in FreeImage's BMP plugin allows attackers to read memory contents, crash applications, or execute arbitrary code when processing specially crafted BMP images. This affects any application using FreeImage 3.18.0 to parse BMP files. Attackers can exploit this by tricking users into opening malicious images.

💻 Affected Systems

Products:
  • FreeImage
Versions: 3.18.0
Operating Systems: All platforms where FreeImage runs (Windows, Linux, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against FreeImage 3.18.0 is vulnerable when processing BMP images. This includes many third-party applications and libraries that use FreeImage for image processing.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with the privileges of the application using FreeImage, potentially leading to complete system compromise.

🟠 Likely Case: Denial of service (application crash) or information disclosure (leak of memory contents) from malformed BMP files.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges, uses sandboxing, or validates image sources.

🌐 Internet-Facing: HIGH if applications process user-uploaded BMP files without validation.
🏢 Internal Only: MEDIUM if BMP files are processed from trusted internal sources only.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept code is publicly available. Exploitation requires the target to process a malicious BMP file, which can be delivered via email, web uploads, or other file transfer methods.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.19.0 or later

Vendor Advisory: https://freeimage.sourceforge.io/

Restart Required: Yes

Instructions:

1. Download FreeImage 3.19.0 or later from the official repository.
2. Replace the vulnerable FreeImage library files with the patched version.
3. Recompile any applications that statically link FreeImage.
4. Restart affected applications or services.

🔧 Temporary Workarounds

Disable BMP processing (all platforms)
  • Configure applications to reject or skip BMP file processing if not required.
  • Note: application-specific configuration required.

Input validation (all platforms)
  • Implement server-side validation to reject suspicious BMP files before processing.
  • Note: implement file signature validation and size limits.
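The input-validation workaround above is the kind of check an upload handler can run before a file ever reaches FreeImage. The following is an added example (not FreeImage code and not from this advisory): it parses the BMP file header and BITMAPINFOHEADER, confirms the "BM" signature, requires the declared file size to match the bytes received, applies a size and pixel budget, and checks that the pixel data implied by width, height and bit depth actually fits inside the file. The limits (MAX_FILE_BYTES, MAX_PIXELS) and the policy of rejecting compressed BMPs are assumptions chosen for illustration; the sample files are constructed inline for testing.

```python
import struct

# BMP container constants; the limits below are hypothetical deployment policy.
BMP_MAGIC = b"BM"
FILE_HEADER_LEN = 14               # BITMAPFILEHEADER
INFO_HEADER_LEN = 40               # BITMAPINFOHEADER (the only DIB header accepted here)
BI_RGB = 0                         # uncompressed pixel data
VALID_BPP = {1, 4, 8, 16, 24, 32}
MAX_PIXELS = 64 * 1024 * 1024      # assumption: per-deployment pixel budget
MAX_FILE_BYTES = 32 * 1024 * 1024  # assumption: upload size limit


def validate_bmp(data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason). Rejects a BMP whose headers disagree with
    the bytes actually received, before it reaches the decoder."""
    if len(data) > MAX_FILE_BYTES:
        return False, "file exceeds size limit"
    if len(data) < FILE_HEADER_LEN + INFO_HEADER_LEN:
        return False, "file shorter than BMP headers"
    if data[:2] != BMP_MAGIC:
        return False, "bad file signature"

    # BITMAPFILEHEADER: magic(2) file size(4) reserved(4) offset to pixels(4)
    bf_size, bf_off_bits = struct.unpack_from("<I4xI", data, 2)
    if bf_size != len(data):
        return False, "declared file size does not match actual size"

    # BITMAPINFOHEADER prefix: size, width, height, planes, bpp, compression, image size
    (bi_size, width, height, planes,
     bpp, compression, _size_image) = struct.unpack_from("<IiiHHII", data, FILE_HEADER_LEN)
    if bi_size < INFO_HEADER_LEN:
        return False, "unsupported or undersized DIB header"
    if bf_off_bits < FILE_HEADER_LEN + bi_size or bf_off_bits > len(data):
        return False, "pixel data offset outside file"
    if width <= 0 or height == 0:
        return False, "non-positive width or zero height"
    if planes != 1 or bpp not in VALID_BPP:
        return False, "unsupported planes or bit depth"
    if compression != BI_RGB:
        return False, "compressed BMP rejected by policy"

    # Python ints do not wrap, so width * rows is an honest product here; the
    # budget check keeps the decoder's own 32-bit arithmetic far from overflow.
    rows = abs(height)
    if width * rows > MAX_PIXELS:
        return False, "dimensions exceed pixel budget"
    stride = ((width * bpp + 31) // 32) * 4   # each row is padded to 4 bytes
    needed = stride * rows
    if bf_off_bits + needed > len(data):
        return False, "pixel data truncated relative to declared dimensions"
    return True, "ok"


def build_sample_bmp(width, height, pixel_data, bpp=24, declared_width=None):
    """Constructed test input: a BITMAPINFOHEADER BMP. `declared_width` lets a
    test write a header width that disagrees with the payload actually present."""
    w = width if declared_width is None else declared_width
    dib = struct.pack("<IiiHHIIiiII", INFO_HEADER_LEN, w, height, 1, bpp,
                      BI_RGB, len(pixel_data), 2835, 2835, 0, 0)
    off = FILE_HEADER_LEN + len(dib)
    fh = struct.pack("<2sI4xI", BMP_MAGIC, off + len(pixel_data), off)
    return fh + dib + pixel_data


if __name__ == "__main__":
    good = build_sample_bmp(2, 2, bytes(16))   # 2x2 at 24 bpp: stride 8, 16 pixel bytes
    print(validate_bmp(good))
    huge = build_sample_bmp(2, 2, bytes(16), declared_width=0x40000000)
    print(validate_bmp(huge))
```

The check is deliberately stricter than the format requires (BITMAPINFOHEADER only, uncompressed only): a gate in front of a decoder should accept what the application needs and nothing more, and the reason string gives operators something to log when a file is dropped.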

🧯 If You Can't Patch

  • Isolate applications using FreeImage in restricted network segments or containers.
  • Implement strict access controls and monitor for unexpected crashes or memory usage.

🔍 How to Verify

Check if Vulnerable:

Check if FreeImage version 3.18.0 is installed or linked by applications. Use dependency checkers or examine application binaries.

Check Version:

On Linux: ldd /path/to/application | grep -i freeimage
On Windows: check DLL versions or use dependency walker tools.
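To turn the Linux ldd check above into something scriptable across a fleet, here is an added example (not part of this advisory) that parses ldd(1)-style output, extracts the FreeImage version from the shared-object name, and compares it against the 3.19.0 fix version stated above. It assumes the library was built with upstream's own naming (libfreeimage-3.18.0.so); distribution packages may ship an unversioned libfreeimage.so.3, which the script reports separately so the package manager can be consulted instead. The sample ldd output is constructed for testing.

```python
import re
import subprocess

# Assumption: upstream FreeImage's build names the library libfreeimage-<major>.<minor>.<patch>.so.
SONAME_RE = re.compile(r"libfreeimage-(\d+)\.(\d+)\.(\d+)\.so")
FIXED_VERSION = (3, 19, 0)   # patch version given in the advisory

# Constructed sample of ldd output for an application linked against 3.18.0.
SAMPLE_LDD = """\
\tlinux-vdso.so.1 (0x00007ffd00000000)
\tlibfreeimage-3.18.0.so => /usr/local/lib/libfreeimage-3.18.0.so (0x00007f0000000000)
\tlibc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000100000)
"""


def parse_ldd_output(text: str) -> list[str]:
    """Return the library names from lines such as
    'libfoo.so => /usr/lib/libfoo.so (0x...)' or 'linux-vdso.so.1 (0x...)'."""
    names = []
    for line in text.splitlines():
        line = line.strip()
        if "=>" in line:
            names.append(line.split("=>", 1)[0].strip())
        elif line:
            names.append(line.split()[0])
    return names


def freeimage_version(names):
    """Return (major, minor, patch) from a versioned FreeImage soname, else None."""
    for name in names:
        m = SONAME_RE.search(name)
        if m:
            return tuple(int(g) for g in m.groups())
    return None


def assess(ldd_text: str) -> str:
    """Classify an ldd listing as 'not linked', 'unversioned', 'vulnerable' or 'fixed'."""
    names = parse_ldd_output(ldd_text)
    if not any("freeimage" in n.lower() for n in names):
        return "not linked"
    version = freeimage_version(names)
    if version is None:
        return "unversioned"   # e.g. libfreeimage.so.3: check the installed package version
    return "fixed" if version >= FIXED_VERSION else "vulnerable"


def assess_binary(path: str) -> str:
    """Run ldd on a real binary (Linux only) and classify the result."""
    out = subprocess.run(["ldd", path], capture_output=True, text=True, check=True).stdout
    return assess(out)


if __name__ == "__main__":
    print(assess(SAMPLE_LDD))   # the constructed sample links 3.18.0
```

Statically linked builds leave no ldd trace, so an "unversioned" or "not linked" result is a prompt to check build manifests and package metadata, not a clean bill of health.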

Verify Fix Applied:

Verify FreeImage version is 3.19.0 or later. Test with known malicious BMP files to ensure no crashes or memory issues.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing BMP files
  • Unexpected memory access errors in logs

Network Indicators:

  • Unusual inbound transfers of BMP files to servers
  • Spikes in file uploads to image processing endpoints

SIEM Query:

Example: search for 'segmentation fault' OR 'access violation' in application logs where process name contains 'freeimage' OR file extension is '.bmp'

🔗 References
