CVE-2019-12214

Name: CVE-2019-12214
Creator: NVD / NIST
Published: 2019-05-20T16:29:01.24+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.50%

Last modified Jun 17, 2026

CVE-2019-12214 is a vulnerability of currently unknown severity. In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.. EPSS estimates a 1.50% chance of exploitation in the next 30 days.

Description

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j2k.c. The value of l_N_ppm comes from the file read in, and the code does not consider that l_N_ppm may be greater than the size of p_header_data.

Metrics

EPSS Probability

1.50%

71.0th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-125

Affected Software

Vendor	Product	Versions
Freeimage Project	Freeimage	3.18.0

References

https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/Exploit, Third Party Advisory
https://sourceforge.net/p/freeimage/discussion/36111/thread/e06734bed5/Exploit, Third Party Advisory

Timeline

Published: May 20, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-12214?

How severe is CVE-2019-12214?

Severity scoring for CVE-2019-12214 is pending analysis. The EPSS model estimates a 1.50% probability of exploitation in the next 30 days.

How do I fix CVE-2019-12214?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-12214?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST