Detection Guidance

Detection of this vulnerability involves identifying the use of Alien::FreeImage versions through 1.001 for Perl, which embed FreeImage library version 3.17.0 or earlier.

Since the vulnerability relates to image processing libraries, detection can include scanning for the presence of vulnerable FreeImage versions in your software environment.

You can check installed Perl modules and their versions with commands like:

• perl -MAlien::FreeImage -e 'print $Alien::FreeImage::VERSION . "\n"'
• If you have the FreeImage library installed separately, check its version with commands such as:
• strings /path/to/libfreeimage.so | grep FreeImage

Additionally, monitoring for crashes or denial of service symptoms triggered by malformed image files (e.g., PCX or PSD files) can indicate exploitation attempts.

Useful 0 Not Useful 0

Executive Summary

The vulnerability exists in Alien::FreeImage versions through 1.001 for Perl, which includes version 3.17.0 of the FreeImage library from 2017. This version contains multiple known security flaws.

One key issue (CVE-2015-0852) involves multiple integer underflows in the PluginPCX.cpp file, which can be exploited by remote attackers to cause a denial of service (DoS) through heap memory corruption by manipulating image dimensions.

Another vulnerability (CVE-2025-65803) is an integer overflow in the psdParser::ReadImageData function, allowing attackers to trigger a DoS by providing a specially crafted PSD file.

Additionally, the library embeds other image libraries, such as zlib, which also have known vulnerabilities.

Useful 0 Not Useful 0

Impact Analysis

These vulnerabilities primarily allow attackers to cause denial of service (DoS) conditions by exploiting integer underflows and overflows in image processing functions.

An attacker can remotely trigger application crashes or memory corruption by supplying specially crafted image files, potentially disrupting services or applications that rely on the vulnerable FreeImage library.

There is no indication from the provided information that these vulnerabilities allow for code execution or data theft, but service availability can be impacted.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include upgrading the Alien::FreeImage Perl module and the embedded FreeImage library to versions that have patched the known vulnerabilities.

Since the vulnerable FreeImage version is 3.17.0, updating to a later version where CVE-2015-0852 and CVE-2025-65803 are fixed is recommended.

If an upgrade is not immediately possible, restrict or sanitize input files to prevent processing of untrusted or specially crafted PCX and PSD image files that could trigger the vulnerabilities.

Monitor your systems for unusual crashes or denial of service conditions related to image processing.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not include any details about how the vulnerability in Alien::FreeImage or its embedded libraries impacts compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0