========================================================================
CVE-2022-4988                                        CPAN Security Group
========================================================================

        CVE ID:  CVE-2022-4988
  Distribution:  Alien-FreeImage
      Versions:  through 1.001

      MetaCPAN:  https://metacpan.org/dist/Alien-FreeImage
      VCS Repo:  https://github.com/kmx/alien-freeimage


Alien::FreeImage versions through 1.001 for Perl contain several
vulnerable libraries

Description
-----------
Alien::FreeImage versions through 1.001 for Perl contain several
vulnerable libraries.

Alien::FreeImage contains version 3.17.0 of the FreeImage library from
2017, which has known vulnerabilities such as CVE-2015-0852 and
CVE-2025-65803.

The library embeds other image libraries that also have known
vulnerabilities.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Workarounds
-----------
The latest version of the FreeImage library is 3.18.0 from 2018, which
also appears to have serious vulnerabilities.

Users are advised to use alternatives.

References
----------
https://freeimage.sourceforge.io/
https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source
https://nvd.nist.gov/vuln/detail/CVE-2015-0852
https://nvd.nist.gov/vuln/detail/CVE-2025-65803
https://github.com/kmx/alien-freeimage/issues/4
https://github.com/kmx/alien-freeimage/issues/5

Timeline
--------
- 2017-07-11: Alien::FreeImage released with FreeImage 3.17.0
- 2022-06-29: Issues added to git repository regarding security vulnerabilities
- 2022-06-29: Several issues added to CPANSA::DB
- 2026-03-27: Issues logged with CPANSec
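
Because every release through 1.001 is affected and no fixed release is named, any dependency on Alien::FreeImage is a finding. The script below is an added example, not part of the CPANSec advisory or of the distribution: it looks for the module in a cpanfile, in META.json prereqs, and in @INC without loading it. The sample manifests and the helper names are constructed for illustration.

```perl
#!/usr/bin/env perl
# Added example: flag Alien::FreeImage (CVE-2022-4988) in manifests and in @INC.
use v5.14;
use strict;
use warnings;
use JSON::PP ();          # core module
use Module::Metadata ();  # core module; reads $VERSION without loading the code

my $MODULE = 'Alien::FreeImage';   # all releases through 1.001 are affected

# cpanfile: requires / recommends / suggests (and *_requires variants) naming the module.
sub cpanfile_hits {
    my ($text) = @_;
    my @hits;
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s*#/;   # skip comment lines
        push @hits, $line =~ s/^\s+|\s+$//gr
            if $line =~ /\b\w*(?:requires|recommends|suggests)\s*\(?\s*['"]\Q$MODULE\E['"]/;
    }
    return @hits;
}

# META.json: prereqs -> phase -> relationship -> { module => version requirement }.
sub meta_json_hits {
    my ($json) = @_;
    my $prereqs = JSON::PP->new->decode($json)->{prereqs} || {};
    my @hits;
    for my $phase (sort keys %$prereqs) {
        for my $rel (sort keys %{ $prereqs->{$phase} }) {
            my $mods = $prereqs->{$phase}{$rel};
            push @hits, "$phase/$rel: $MODULE $mods->{$MODULE}" if exists $mods->{$MODULE};
        }
    }
    return @hits;
}

# Installed copy, located through @INC; returns nothing when the module is absent.
sub installed_version {
    my $meta = Module::Metadata->new_from_module($MODULE) or return;
    return $meta->version // 'unknown';
}

# Constructed sample manifests (not taken from any real project).
my $cpanfile  = "requires 'Some::Other::Module', '2.0';\nrequires 'Alien::FreeImage', '1.001';\n";
my $meta_json = '{"prereqs":{"runtime":{"requires":{"Alien::FreeImage":"0"}}}}';

say "cpanfile: $_"  for cpanfile_hits($cpanfile);
say "META.json: $_" for meta_json_hits($meta_json);
my $v = installed_version();
say defined $v ? "installed in \@INC: $MODULE $v" : "$MODULE not installed in \@INC";
```

In practice the two manifest strings would be read from the project's own cpanfile and from the META.json of each dependency, since the module may be pulled in transitively.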
