CVE-2025-70968

Published Jan 14, 2026

Last updated a month ago

CVSS critical 9.8

Overview

Description: FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().
Source: cve@mitre.org
NVD status: Analyzed
Products: freeimage

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-416

Hype score: Not currently trending

FreeImage 3.18.0 contains a Use-After-Free vulnerability (CVE-2025-70968) in TARGA image processing. Assess exposure if handling untrusted image data. #freeimage #infosec #memorysafety https://t.co/BUjQHBKS3c
@pulsepatchio
15 Jan 2026
46 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-70968 FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). https://t.co/g7mDuVTaTZ
@CVEnew
15 Jan 2026
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-70968 Use After Free Vulnerability in FreeImage 3.18.0 TARGA Image Loading Routine https://t.co/mKxoSOaqlc
@VulmonFeeds
15 Jan 2026
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-70968 - Critical FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE(). https://t.co/2jlN8eseN4 https://t.co/BwBCWQNeOp
@TheHackerWire
14 Jan 2026
45 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-70968: CRITICAL] FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().#cve,CVE-2025-70968,#cybersecurity https://t.co/3cUcrErTKV https://t.co/E2YbsvuJka
@CveFindCom
14 Jan 2026
80 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:freeimage_project:freeimage:3.18.0:*:*:*:*:*:*:*",
            "matchCriteriaId": "649CACB0-AD52-4217-9DF9-B692533ED990",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.•CVE-2025-65803
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.•CVE-2024-9029
libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.•CVE-2024-31570
Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.•CVE-2024-28584
Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.•CVE-2024-28583

References

Sources include official advisories and independent security research.

https://nvd.nist.gov/vuln/detail/CVE-2025-70968
https://github.com/MiracleWolf/FreeimageCrash/tree/main

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References