CVE-2022-4988: Alien::FreeImage versions through 1.001 for Perl contain several vulnerable libraries
Robert Rothenberg, 11 May 2026 19:07 UTC

========================================================================
CVE-2022-4988                                        CPAN Security Group
========================================================================

         CVE ID:  CVE-2022-4988
   Distribution:  Alien-FreeImage
       Versions:  through 1.001

       MetaCPAN:  https://metacpan.org/dist/Alien-FreeImage
       VCS Repo:  https://github.com/kmx/alien-freeimage

Alien::FreeImage versions through 1.001 for Perl contain several
vulnerable libraries

Description
-----------
Alien::FreeImage versions through 1.001 for Perl contain several
vulnerable libraries.

Alien::FreeImage contains version 3.17.0 of the FreeImage library from
2017, which has known vulnerabilities such as CVE-2015-0852 and
CVE-2025-65803.  The library embeds other image libraries that also
have known vulnerabilities.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Workarounds
-----------
The latest version of the FreeImage library is 3.18.0 from 2018, which
also appears to have serious vulnerabilities.

Users are advised to use alternatives.
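
To find installations that need replacing, the following script reports
copies of Alien::FreeImage in the affected range (through 1.001).  It is
an added example, not part of the advisory or of the Alien::FreeImage
project; the directories passed on the command line and the exit-code
convention are assumptions.

```perl
#!/usr/bin/env perl
# Added example: report installed copies of Alien::FreeImage that fall in
# the affected range of CVE-2022-4988 (versions through 1.001).
use strict;
use warnings;
use File::Spec;
use Module::Metadata;    # core since Perl 5.14
use version;

my $LAST_AFFECTED = version->parse('1.001');    # range stated in the advisory

# Look for Alien/FreeImage.pm under each directory and classify its version.
# Entries of @INC can be code refs, so those are skipped.
sub find_affected {
    my @dirs = @_;
    my ( @hits, %seen );
    for my $dir ( grep { defined($_) && !ref($_) && -d $_ } @dirs ) {
        my $pm = File::Spec->catfile( $dir, 'Alien', 'FreeImage.pm' );
        next unless -f $pm;
        next if $seen{ File::Spec->rel2abs($pm) }++;
        # Parse $VERSION statically; the module itself is never loaded.
        my $meta = eval { Module::Metadata->new_from_file($pm) };
        my $ver  = $meta ? $meta->version('Alien::FreeImage') : undef;
        # A missing or unparseable version is treated as affected (fail closed).
        my $affected = ( !defined $ver || $ver <= $LAST_AFFECTED ) ? 1 : 0;
        push @hits, {
            path     => $pm,
            version  => defined $ver ? "$ver" : 'unknown',
            affected => $affected,
        };
    }
    return @hits;
}

# Assumption: pass extra library roots (local::lib, a Carton local/lib/perl5,
# an unpacked container image) as arguments; with no arguments @INC is used.
my @hits = find_affected( @ARGV ? @ARGV : @INC );
for my $h (@hits) {
    printf "%s  version %s  %s\n", $h->{path}, $h->{version},
        $h->{affected} ? 'AFFECTED (CVE-2022-4988)' : 'not in affected range';
}
print "Alien::FreeImage not found in the searched directories\n" unless @hits;

# Exit 1 when any affected copy was found, so the check can gate a CI job.
exit( ( grep { $_->{affected} } @hits ) ? 1 : 0 );
```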

References
----------
https://freeimage.sourceforge.io/
https://metacpan.org/release/KMX/Alien-FreeImage-1.001/source/src/Source
https://nvd.nist.gov/vuln/detail/CVE-2015-0852
https://nvd.nist.gov/vuln/detail/CVE-2025-65803
https://github.com/kmx/alien-freeimage/issues/4
https://github.com/kmx/alien-freeimage/issues/5

Timeline
--------
- 2017-07-11: Alien::FreeImage released with FreeImage 3.17.0
- 2022-06-29: Issues added to git repository regarding security
   vulnerabilities
- 2022-06-29: Several issues added to CPANSA::DB
- 2026-03-27: Issues logged with CPANSec