Description
Alien::FreeImage versions through 1.001 for Perl contain several vulnerable libraries.

Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other image libraries that also have known vulnerabilities.
Published: 2026-05-11
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Alien::FreeImage versions through 1.001 for Perl embed the FreeImage library 3.17.0 from 2017, which is known to contain vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The distribution also includes other image libraries that have documented security weaknesses. Because the module bundles vulnerable binaries, any application that loads it may run code that is susceptible to exploitation. The weakness is classified as CWE-1395.

Affected Systems

The affected product is Alien::FreeImage 1.001 (and earlier) developed by KMX. Applications that depend on this module, including Perl projects that use image processing or rendering, are at risk. The vulnerability also affects the underlying FreeImage 3.17.0 library and any other embedded image libraries.

Risk and Exploitability

The EPSS score of < 1% indicates a very low probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. The CVSS score of 7.3 indicates high severity. The listed CVEs for the bundled libraries suggest that, if an attacker can supply malicious image data to the application, the underlying vulnerabilities could be exposed. The likely attack vector is inferred to be the handling of untrusted image files by the library, but this inference is not directly stated in the CVE description.

Generated by OpenCVE AI on May 13, 2026 at 17:23 UTC.

Remediation

Vendor Workaround

The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities. Users are advised to use alternatives.


OpenCVE Recommended Actions

  • Replace Alien::FreeImage with an alternative image processing library that does not embed vulnerable components.
  • Avoid using FreeImage 3.18.0 from 2018, which also contains serious vulnerabilities; switch to a different image processing module.
  • Ensure that any image files processed by your application originate only from trusted sources; validate and sanitize input before passing it to the library.

Advisories

No advisories yet.

History

Wed, 13 May 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Kmx
Kmx alien::freeimage
Vendors & Products Kmx
Kmx alien::freeimage

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
Description Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries. Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities.
Title Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries
Weaknesses CWE-1395
References

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-05-13T12:56:15.512Z

Reserved: 2026-05-08T07:05:02.847Z

Link: CVE-2022-4988

Vulnrichment

Updated: 2026-05-13T12:55:44.921Z

NVD

Status: Deferred

Published: 2026-05-11T20:19:35.017

Modified: 2026-05-13T14:16:55.330

Link: CVE-2022-4988

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-13T17:30:06Z

Weaknesses
  • CWE-1395

    Dependency on Vulnerable Third-Party Component