VDB
GCVE-110-MAGEIA-2024-244
GCVE-110-MAGEIA-2024-244
Advisory Published
imageio can attempt to download shared freeimage libraries from
https://github.com/imageio/imageio-binaries/tree/master/freeimage. The
code fetches straight from master and provides no way of verifying
whether the correct file was fetched. As a result, if the repository is
attacked in the future, all prior versions of imageio would be silently
downloading arbitrary shared libraries and running them on user systems.
This is a serious problem.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | python-imageio | 0 (affected), 2.22.4-1.1.mga9 (unaffected) | — |
Browse GCVE Records
73,685 records in the GCVE database · Updated July 18, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.