CVE-2022-4988 PUBLISHED

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries

Assigner: CPANSec
Reserved: 08.05.2026 Published: 11.05.2026 Updated: 11.05.2026

Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.

Alien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803. The library embeds other images libraries that also have known vulnerabilities.

Product Status

Vendor	KMX
Product	Alien::FreeImage
Versions	Default: unaffected affected from 0 to 1.001 (incl.)

Workarounds

The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities.

Users are advised to use alternatives.

References

https://freeimage.sourceforge.io/
https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source
https://nvd.nist.gov/vuln/detail/CVE-2015-0852
https://nvd.nist.gov/vuln/detail/CVE-2025-65803
https://github.com/kmx/alien-freeimage/issues/4
https://github.com/kmx/alien-freeimage/issues/5

Problem Types

CWE-1395 Dependency on Vulnerable Third-Party Component CWE