CVE-2025-65803

Published Dec 10, 2025

Last updated 2 months ago

CVSS medium 6.5

Overview

Description
An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.
Source
cve@mitre.org
NVD status
Analyzed
Products
freeimage

Risk scores

CVSS 3.1

Type
Secondary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-190

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().CVE-2025-70968
  2. A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.CVE-2024-9029
  3. libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.CVE-2024-31570
  4. Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.CVE-2024-28584
  5. Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.CVE-2024-28583

References

Sources include official advisories and independent security research.