CVE-2025-70968

FreeImage · FreeImage Multiple Products

A critical Use-After-Free vulnerability has been identified in the FreeImage library, a widely used open-source component for image processing.

Executive summary

A critical Use-After-Free vulnerability has been identified in the FreeImage library, a widely used open-source component for image processing. An attacker can exploit this flaw by tricking a user or an automated process into opening a specially crafted TARGA (TGA) image file, which could lead to arbitrary code execution and a complete compromise of the affected system.

Vulnerability

The vulnerability is a Use-After-Free error within the loadRLE() function of the PluginTARGA.cpp component. This function is responsible for parsing Run-Length Encoded (RLE) data in TARGA image files. An attacker can create a malicious TGA image that, when processed by the vulnerable library, causes the application to deallocate a memory region and then attempt to use (read from or write to) that same freed memory. This memory corruption can be leveraged by the attacker to hijack the application's control flow, leading to arbitrary code execution in the security context of the user or service running the application.

Business impact

This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could have a severe impact on the business, leading to a full system compromise. An attacker could execute malicious code to steal sensitive data, install ransomware or other malware, disrupt operations, or use the compromised system as a pivot point to move laterally within the network. Given that the FreeImage library is embedded in numerous third-party applications (e.g., content management systems, graphic design tools, server-side image processors), the attack surface could be extensive and difficult to identify, posing a significant risk to confidentiality, integrity, and availability.

Remediation

Immediate Action: Identify all applications and systems that use the vulnerable FreeImage library and update them to the latest patched version recommended by the vendor. After patching, review application and system access logs for unusual activity related to image file processing to detect any exploitation attempts.

Proactive Monitoring: Implement enhanced monitoring for applications that process image files, particularly TGA files from untrusted sources. Look for signs of compromise such as unexpected application crashes, suspicious child processes being spawned by image-processing applications, or unauthorized outbound network connections from affected systems. Intrusion Detection Systems (IDS) and Security Information and Event Management (SIEM) systems should be configured with rules to detect anomalies associated with this type of exploit.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

  • Restrict or block the processing of TGA image files from untrusted external sources.
  • Run applications that use the FreeImage library in a sandboxed or containerized environment to limit the impact of a potential compromise.
  • Utilize Endpoint Detection and Response (EDR) solutions to detect and block memory exploitation techniques.
  • Apply strict file-type validation to ensure that only legitimate, non-malicious files are processed.
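As an added example (not code from the advisory or from the FreeImage project), the kind of structural check a file-intake gateway could apply for the first and last controls above: it flags files whose TGA header declares one of the RLE image types, which is the input path that reaches the affected RLE decoder, and rejects RLE streams that are truncated or decode to more pixels than the header declares, so malformed files are refused before the library ever parses them. TGA has no magic bytes, so the check is purely structural; the function names and the constructed sample builder are this example's own.

```python
import struct

# TGA has no magic bytes: validate the 18-byte little-endian header, then walk the RLE packets.
HEADER = "<BBBHHBHHHHBB"
RLE_TYPES, UNCOMPRESSED_TYPES = {9, 10, 11}, {1, 2, 3}  # image-type codes from the TGA spec

def parse_header(data):
    """Return the header fields this check needs, or None if the file is too short."""
    if len(data) < 18:
        return None
    f = struct.unpack(HEADER, data[:18])
    return {"id_len": f[0], "cmap_type": f[1], "img_type": f[2], "cmap_len": f[4],
            "cmap_bits": f[5], "width": f[8], "height": f[9], "depth": f[10]}

def check_rle_stream(data, hdr):
    """Walk every RLE packet; return (ok, reason). A well-formed stream decodes to
    exactly width*height pixels without reading past the end of the file."""
    bpp = hdr["depth"] // 8
    if bpp not in (1, 2, 3, 4):
        return False, "unsupported pixel depth %d" % hdr["depth"]
    cmap_bytes = hdr["cmap_len"] * ((hdr["cmap_bits"] + 7) // 8) if hdr["cmap_type"] else 0
    pos = 18 + hdr["id_len"] + cmap_bytes          # offset of the first packet header byte
    expected, produced = hdr["width"] * hdr["height"], 0
    while produced < expected:
        if pos >= len(data):
            return False, "stream truncated after %d of %d pixels" % (produced, expected)
        count, is_run = (data[pos] & 0x7F) + 1, bool(data[pos] & 0x80)  # 1..128 pixels
        pos += 1 + (bpp if is_run else bpp * count)  # run: one pixel follows; raw: count pixels
        produced += count
        if pos > len(data):
            return False, "packet payload runs past end of file"
    if produced != expected:
        return False, "packets decode to %d pixels, header declares %d" % (produced, expected)
    return True, "ok"

def triage_tga(data):
    """Gateway verdict: 'not-tga', 'uncompressed', 'rle-ok' or 'rle-malformed'."""
    hdr = parse_header(data)
    if hdr is None or hdr["width"] == 0 or hdr["height"] == 0:
        return "not-tga"
    if hdr["img_type"] in UNCOMPRESSED_TYPES:
        return "uncompressed"
    if hdr["img_type"] in RLE_TYPES:
        return "rle-ok" if check_rle_stream(data, hdr)[0] else "rle-malformed"
    return "not-tga"

def make_tga(img_type, width, height, depth, payload):
    """Build a constructed sample file for testing (not a real-world sample)."""
    return struct.pack(HEADER, 0, 0, img_type, 0, 0, 0, 0, 0, width, height, depth, 0x20) + payload
```

A policy that quarantines every 'rle-malformed' verdict, and 'rle-ok' as well for untrusted senders until the patched library is deployed, implements the first control without having to block every TGA file.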

Exploitation status

Public Exploit Available: false

Analyst recommendation

Given the critical CVSS score of 9.8, this vulnerability poses a severe and immediate threat. We strongly recommend that organizations prioritize the patching of this vulnerability across all affected systems. A comprehensive inventory should be conducted to identify all instances of the FreeImage library, including those embedded within third-party software. Although this CVE is not currently listed on the CISA KEV list, its high impact score makes it a prime candidate for future inclusion and a high-value target for attackers. Remediate immediately to prevent potential system compromise.