VDB

GCVE-110-MAGEIA-2024-244

GCVE-110-MAGEIA-2024-244
Advisory Published
Vulnetix · Advisory published July 1, 2024
imageio can attempt to download shared freeimage libraries from https://github.com/imageio/imageio-binaries/tree/master/freeimage. The code fetches straight from master and provides no way of verifying whether the correct file was fetched. As a result, if the repository is attacked in the future, all prior versions of imageio would be silently downloading arbitrary shared libraries and running them on user systems. This is a serious problem.

Affected Products

VendorProductVersionsPlatforms
Mageiapython-imageio0 (affected), 2.22.4-1.1.mga9 (unaffected)

Browse GCVE Records

73,685 records in the GCVE database · Updated July 18, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›