{"api_version":"1","generated_at":"2026-05-13T05:23:09+00:00","cve":"CVE-2022-4988","urls":{"html":"https://cve.report/CVE-2022-4988","api":"https://cve.report/api/cve/CVE-2022-4988.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-4988","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-4988"},"summary":{"title":"Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries","description":"Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.\n\nAlien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803.  The library embeds other images libraries that also have known vulnerabilities.","state":"PUBLISHED","assigner":"CPANSec","published_at":"2026-05-11 20:19:35","updated_at":"2026-05-12 16:48:58"},"problem_types":["CWE-1395 CWE-1395 Dependency on Vulnerable Third-Party Component"],"metrics":[],"references":[{"url":"https://github.com/kmx/alien-freeimage/issues/5","name":"https://github.com/kmx/alien-freeimage/issues/5","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0852","name":"https://nvd.nist.gov/vuln/detail/CVE-2015-0852","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source","name":"https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/kmx/alien-freeimage/issues/4","name":"https://github.com/kmx/alien-freeimage/issues/4","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://freeimage.sourceforge.io/","name":"https://freeimage.sourceforge.io/","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65803","name":"https://nvd.nist.gov/vuln/detail/CVE-2025-65803","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-4988","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-4988","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"KMX","product":"Alien::FreeImage","version":"affected 1.001 custom","platforms":[]}],"timeline":[{"source":"CNA","time":"2017-07-11T00:00:00.000Z","lang":"en","value":"Alien::FreeImage released with FreeImage 3.17.0"},{"source":"CNA","time":"2022-06-29T00:00:00.000Z","lang":"en","value":"Issues added to git repository regarding security vulnerabilities"},{"source":"CNA","time":"2022-06-29T00:00:00.000Z","lang":"en","value":"Several issues added to CPANSA::DB"},{"source":"CNA","time":"2026-03-27T00:00:00.000Z","lang":"en","value":"Issues logged with CPANSec"}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities.\n\nUsers are advised to use alternatives.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2022","cve_id":"4988","cve":"CVE-2022-4988","epss":"0.000240000","percentile":"0.070360000","score_date":"2026-05-12","updated_at":"2026-05-13 00:11:52"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"cna":{"affected":[{"collectionURL":"https://cpan.org/modules","defaultStatus":"unaffected","packageName":"Alien-FreeImage","product":"Alien::FreeImage","repo":"https://github.com/kmx/alien-freeimage","vendor":"KMX","versions":[{"lessThanOrEqual":"1.001","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.\n\nAlien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803.  The library embeds other images libraries that also have known vulnerabilities."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-1395","description":"CWE-1395 Dependency on Vulnerable Third-Party Component","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-05-11T19:04:40.885Z","orgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","shortName":"CPANSec"},"references":[{"url":"https://freeimage.sourceforge.io/"},{"url":"https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source"},{"tags":["vendor-advisory"],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-0852"},{"tags":["vendor-advisory"],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-65803"},{"tags":["issue-tracking"],"url":"https://github.com/kmx/alien-freeimage/issues/4"},{"tags":["issue-tracking"],"url":"https://github.com/kmx/alien-freeimage/issues/5"}],"source":{"discovery":"UNKNOWN"},"timeline":[{"lang":"en","time":"2017-07-11T00:00:00.000Z","value":"Alien::FreeImage released with FreeImage 3.17.0"},{"lang":"en","time":"2022-06-29T00:00:00.000Z","value":"Issues added to git repository regarding security vulnerabilities"},{"lang":"en","time":"2022-06-29T00:00:00.000Z","value":"Several issues added to CPANSA::DB"},{"lang":"en","time":"2026-03-27T00:00:00.000Z","value":"Issues logged with CPANSec"}],"title":"Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries","workarounds":[{"lang":"en","value":"The latest version of the FreeImage library is 3.18.0 from 2018, which also appears to have serious vulnerabilities.\n\nUsers are advised to use alternatives."}],"x_generator":{"engine":"cpansec-cna-tool 0.1"}}},"cveMetadata":{"assignerOrgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","assignerShortName":"CPANSec","cveId":"CVE-2022-4988","datePublished":"2026-05-11T19:04:40.885Z","dateReserved":"2026-05-08T07:05:02.847Z","dateUpdated":"2026-05-11T19:04:40.885Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-05-11 20:19:35","lastModifiedDate":"2026-05-12 16:48:58","problem_types":["CWE-1395 CWE-1395 Dependency on Vulnerable Third-Party Component"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2022","CveId":"4988","Ordinal":"1","Title":"Alien::FreeImage versions through 1.001 for Perl contains severa","CVE":"CVE-2022-4988","Year":"2022"},"notes":[{"CveYear":"2022","CveId":"4988","Ordinal":"1","NoteData":"Alien::FreeImage versions through 1.001 for Perl contains several vulnerable libraries.\n\nAlien::FreeImage contains version 3.17.0 of the FreeImage library from 2017, which has known vulnerabilities such as CVE-2015-0852 and CVE-2025-65803.  The library embeds other images libraries that also have known vulnerabilities.","Type":"Description","Title":"Alien::FreeImage versions through 1.001 for Perl contains severa"}]}}}