Impact
Alien::FreeImage versions through 1.001 for Perl embed the FreeImage library 3.17.0 from 2017, which itself has been the subject of known exploits such as CVE-2015-0852 and CVE-2025-65803. The distribution also bundles additional image libraries that have documented security weaknesses. Any application that loads the module therefore imports these vulnerable components, and an attacker may be able to exploit the weaknesses in FreeImage or the other bundled libraries. The weakness is classified as CWE-1395.
Affected Systems
The affected product is Alien::FreeImage 1.001 (and earlier) developed by KMX. Applications that depend on this module, including Perl projects that use image processing or rendering, are at risk. The vulnerability also affects the underlying FreeImage 3.17.0 library and any other embedded image libraries.
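One way to check whether a project locks an affected release, as an added example that is not part of the advisory or of the Alien::FreeImage distribution: the Python code below parses a Carton `cpanfile.snapshot` and reports distributions that provide Alien::FreeImage at version 1.001 or earlier, together with the distributions that require it. It assumes the project uses Carton; the snapshot contents, the `Example::Thumbnailer` dependent and all function names are constructed for illustration.

```python
from decimal import Decimal, InvalidOperation

MODULE = "Alien::FreeImage"
LAST_AFFECTED = Decimal("1.001")  # advisory: "versions through 1.001"
# Constructed, trimmed sample in Carton's cpanfile.snapshot layout (hypothetical app).
SAMPLE_SNAPSHOT = """\
# carton snapshot format: version 1.0
DISTRIBUTIONS
  Alien-FreeImage-1.001
    provides:
      Alien::FreeImage 1.001
    requirements:
      ExtUtils::MakeMaker 0
  Example-Thumbnailer-0.02
    provides:
      Example::Thumbnailer 0.02
    requirements:
      Alien::FreeImage 0.011
"""

def parse_snapshot(text):
    """Map each distribution to its 'provides' and 'requirements' modules."""
    dists, current, section = {}, None, None
    for line in text.splitlines():
        indent, body = len(line) - len(line.lstrip(" ")), line.strip()
        if indent == 2 and body:  # distribution header
            current, section = dists.setdefault(body, {"provides": {}, "requirements": {}}), None
        elif indent == 4 and current is not None:  # pathname / provides / requirements
            section = body[:-1] if body in ("provides:", "requirements:") else None
        elif indent == 6 and current is not None and section:  # "Module version"
            name, _, version = body.partition(" ")
            current[section][name] = version
    return dists

def is_affected(version):
    """True for versions <= 1.001; unparsable versions are flagged conservatively."""
    try:
        return Decimal(version) <= LAST_AFFECTED
    except InvalidOperation:
        return True

def audit(text):
    """Return (affected bundling distributions, distributions requiring the module)."""
    dists = parse_snapshot(text)
    hit = lambda d: MODULE in d["provides"] and is_affected(d["provides"][MODULE])
    return (sorted(n for n, d in dists.items() if hit(d)),
            sorted(n for n, d in dists.items() if MODULE in d["requirements"]))

if __name__ == "__main__":
    print(audit(SAMPLE_SNAPSHOT))
```

To audit a real project, pass the contents of its own `cpanfile.snapshot` to `audit()` in place of the sample.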
Risk and Exploitability
The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, reflecting limited public evidence of active exploitation. However, the listed CVEs for the embedded libraries indicate serious potential for remote code execution or privilege escalation once an attacker can supply malicious image data. The likely attack vector is inferred to be the handling of untrusted image files by the library. Because the module bundles known vulnerable binaries, exploitation would require an attacker to supply a crafted image to the application, after which the embedded library may perform malicious actions or crash the process.