CVE-2025-70968

9.8 CRITICAL

📋 TL;DR

FreeImage 3.18.0 contains a use-after-free vulnerability in the TARGA image parser that allows attackers to execute arbitrary code or cause denial of service. This affects any application that uses FreeImage to process untrusted TARGA images. Developers and systems using FreeImage libraries are at risk.

💻 Affected Systems

Products:
  • FreeImage
Versions: 3.18.0
Operating Systems: All platforms where FreeImage runs (Windows, Linux, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against FreeImage 3.18.0 that processes TARGA images is vulnerable. The vulnerability is in the core library and affects all configurations.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution with the privileges of the application processing the image, potentially leading to complete system compromise.

🟠 Likely Case

Application crash (denial of service) when processing malicious TARGA files, with potential for code execution in some configurations.

🟢 If Mitigated

Application crash without code execution if memory protections like ASLR are effective.

🌐 Internet-Facing: HIGH - Any service accepting image uploads or processing untrusted TARGA files is vulnerable to remote exploitation.
🏢 Internal Only: MEDIUM - Internal applications processing user-uploaded images or files from untrusted sources remain vulnerable.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept crash code is publicly available. The use-after-free nature makes reliable exploitation more complex but possible with heap manipulation techniques.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor the FreeImage project for security updates.
2. Consider the temporary workarounds below.
3. Recompile applications against the patched library when it becomes available.

🔧 Temporary Workarounds

Disable TARGA plugin (platforms: all)

Remove or disable FreeImage's TARGA plugin so that TARGA files are never parsed:

rm /path/to/FreeImage/Plugins/TARGA.*

Alternatively, remove TARGA from the plugin compilation when building the library.

Input validation (platforms: all)

Reject TARGA files at the application level before they are passed to FreeImage: check the file type on the raw bytes ahead of any FreeImage processing.

🧯 If You Can't Patch

  • Implement strict input validation to reject TARGA files at network boundaries
  • Run vulnerable applications with reduced privileges and memory protection mechanisms enabled
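As an added example (not code from the advisory or the FreeImage project), the C check below implements the TARGA rejection described under the input-validation workaround and the "If You Can't Patch" advice: a buffer is flagged as TARGA either by the TGA 2.0 footer signature or by a sanity check of the 18-byte TGA 1.0 header, and only buffers that are not flagged may be handed to FreeImage. The function names and the sample buffers are constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TGA 2.0 files end with a 26-byte footer whose last 18 bytes are this
 * signature (17 characters plus a terminating NUL). */
static const char TGA_FOOTER_SIG[18] = "TRUEVISION-XFILE.";
/* Heuristic TARGA detector: 1 if the bytes should be treated as TARGA and kept
 * away from FreeImage, else 0. TGA 1.0 has no magic, so its header is sanity-checked. */
int looks_like_targa(const uint8_t *buf, size_t len)
{
    if (len < 18)
        return 0;                                 /* shorter than a header */
    if (len >= 26 && memcmp(buf + len - 18, TGA_FOOTER_SIG, 18) == 0)
        return 1;                                 /* TGA 2.0 footer found  */
    uint8_t  cmap_type = buf[1];                  /* 0 = none, 1 = present */
    uint8_t  img_type  = buf[2];                  /* 1-3 raw, 9-11 RLE     */
    uint16_t width     = (uint16_t)(buf[12] | (buf[13] << 8));
    uint16_t height    = (uint16_t)(buf[14] | (buf[15] << 8));
    uint8_t  depth     = buf[16];                 /* bits per pixel        */
    if (cmap_type > 1 || width == 0 || height == 0)
        return 0;
    if (img_type != 1 && img_type != 2 && img_type != 3 &&
        img_type != 9 && img_type != 10 && img_type != 11)
        return 0;
    return depth == 8 || depth == 15 || depth == 16 || depth == 24 || depth == 32;
}
/* Gate to run on the raw bytes before FreeImage's loader; the file extension is
 * deliberately not consulted, since it says nothing about the actual content. */
int accept_for_freeimage(const uint8_t *buf, size_t len)
{
    return !looks_like_targa(buf, len);
}

/* Constructed samples, not real files: a 2x2 24-bit uncompressed TGA 1.0 (header +
 * 12 pixel bytes), an all-zero header with only a TGA 2.0 footer, and a PNG start. */
static const uint8_t SAMPLE_TGA1[] = { 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0,
    2, 0, 24, 0, 0xFF, 0, 0, 0, 0xFF, 0, 0, 0, 0xFF, 0xFF, 0xFF, 0xFF };
static const uint8_t SAMPLE_TGA2[] = { 0, 0, 0, 0, 0, 0, 0, 0, 'T', 'R', 'U', 'E',
    'V', 'I', 'S', 'I', 'O', 'N', '-', 'X', 'F', 'I', 'L', 'E', '.', 0 };
static const uint8_t SAMPLE_PNG[] = { 0x89, 'P', 'N', 'G', '\r', '\n', 0x1A, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0, 1, 0, 0, 0, 1, 8, 2, 0, 0, 0 };
int main(void)
{
    printf("TGA 1.0 accepted: %d\n", accept_for_freeimage(SAMPLE_TGA1, sizeof SAMPLE_TGA1));
    printf("TGA 2.0 accepted: %d\n", accept_for_freeimage(SAMPLE_TGA2, sizeof SAMPLE_TGA2));
    printf("PNG accepted:     %d\n", accept_for_freeimage(SAMPLE_PNG, sizeof SAMPLE_PNG));
    return 0;
}
```

The check is heuristic: a TGA 1.0 file has no signature, so the header-field test is what catches it, and a non-TARGA image whose third byte happens to look like a TGA image type could be rejected along with it.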

🔍 How to Verify

Check if Vulnerable:

Check if application links against FreeImage 3.18.0 and processes image files

Check Version:

Check application dependencies or FreeImage library version (varies by platform)

Verify Fix Applied:

Test with proof-of-concept TARGA file to confirm crash no longer occurs

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing image files
  • Memory access violation errors
  • Unexpected process termination

Network Indicators:

  • Unusual TARGA file uploads to services
  • Multiple failed image processing attempts

SIEM Query:

Process termination events with memory violation codes following file upload/processing
