{"id":"UBUNTU-CVE-2015-0852","details":"Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and earlier allow remote attackers to cause a denial of service (heap memory corruption) via vectors related to the height and width of a window.","modified":"2026-04-22T10:01:30.898170Z","published":"2015-09-29T18:59:00Z","upstream":["CVE-2015-0852"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2015-0852"},{"type":"REPORT","url":"https://marc.info/?l=oss-security&m=144073280200732&w=2"},{"type":"REPORT","url":"http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN"},{"type":"REPORT","url":"http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2015-0852"}],"affected":[{"package":{"name":"freeimage","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/freeimage@3.15.4-3ubuntu0.1+esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.15.4-3ubuntu0.1+esm1"}]}],"versions":["3.15.1-2build1","3.15.1-2build2","3.15.4-2","3.15.4-3","3.15.4-3ubuntu0.1"],"ecosystem_specific":{"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro","binaries":[{"binary_version":"3.15.4-3ubuntu0.1+esm1","binary_name":"libfreeimage3"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2015/UBUNTU-CVE-2015-0852.json"}}],"schema_version":"1.7.5","severity":[{"type":"Ubuntu","score":"medium"}]}