The bug is caused by an out-of-bounds write vulnerability which exists in the XMP image handling functionality.

Cisco Talos researchers spotted a remote code execution vulnerability in the XMP image handling of the FreeImage library, affecting version 3.17.0.

The bug is caused by an out-of-bounds write vulnerability in the XMP image handling functionality of the FreeImage library and, if exploited, would allow an attacker to use a specially crafted XMP file to cause an arbitrary memory overwrite, resulting in code execution, according to an Oct. 3 blog post.

“The vulnerability occurs in the file Source/FreeImage/PluginXPM.cpp in the function Load(), which is called when an XPM file is being loaded,” the post said.

A user can become infected if they open a malformed file sent to them via email, are tricked into downloading and opening the malicious file, or if the file is sent via instant message and is automatically opened due to user configuration, Talos Senior Technical Leader and Global Outreach Manager Craig Williams told SCMagazine.com.

The file only needs to get to the victim's machine in order to execute the attack, he said. The vulnerability has already been reported and was patched in the CVS on Aug. 7, although the firm hasn't released a new version of the software.

“We have not confirmed exploitation in the wild at this time,” Williams said, but Talos researchers recommended users update to the CVS version to avoid being exposed to this vulnerability.