
CVE-2025-65803

Severity: Medium
Type: Vulnerability
Published: Wed Dec 10 2025 (12/10/2025, 00:00:00 UTC)
Source: CVE Database V5

Description

An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.

AI-Powered Analysis

Last updated: 12/17/2025, 16:13:04 UTC

Technical Analysis

CVE-2025-65803 is an integer overflow vulnerability identified in the psdParser::ReadImageData function within FreeImage version 3.18.0 and earlier. FreeImage is an open-source library widely used for image processing and supports multiple image formats, including Adobe Photoshop's PSD files. The vulnerability arises when the function incorrectly handles certain size or length fields in a crafted PSD file, causing an integer overflow during the calculation of buffer sizes or offsets. This overflow can lead to memory corruption or buffer overflows, which in this case result in a denial of service (DoS) by crashing or hanging the application processing the file. The vulnerability does not allow code execution or data manipulation but disrupts availability. Exploitation requires an attacker to supply a malicious PSD file and trick a user or system into opening or processing it, thus requiring user interaction but no privileges. The CVSS v3.1 base score is 6.5, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, and impact limited to availability. No patches or fixes have been released yet, and no known exploits are reported in the wild. The vulnerability is classified under CWE-190 (Integer Overflow or Wraparound).

Potential Impact

For European organizations, this vulnerability primarily threatens availability of systems that utilize FreeImage for processing PSD files. This includes graphic design firms, media companies, software developers, and any enterprise applications that integrate FreeImage for image manipulation. A successful exploit can cause application crashes or hangs, leading to service disruptions, workflow interruptions, and potential productivity losses. While it does not compromise data confidentiality or integrity, repeated or targeted DoS attacks could degrade service reliability and impact business operations. Organizations relying on automated image processing pipelines or web services that accept PSD uploads are particularly at risk. The lack of known exploits reduces immediate risk, but the medium severity score indicates a need for proactive mitigation. The impact is more pronounced in environments where FreeImage is embedded in critical or high-availability systems.

Mitigation Recommendations

1. Immediately audit and inventory all software and systems using FreeImage, especially versions 3.18.0 and earlier.
2. Avoid opening or processing PSD files from untrusted or unknown sources until a patch is available.
3. Implement sandboxing or containerization for image processing tasks to isolate potential crashes and prevent system-wide impact.
4. Monitor FreeImage project communications and security advisories closely for forthcoming patches or updates addressing this vulnerability.
5. Employ input validation and file integrity checks to detect malformed or suspicious PSD files before processing.
6. Consider alternative image processing libraries or updated versions that do not contain this vulnerability if feasible.
7. Educate users about the risks of opening unsolicited or suspicious PSD files.
8. Incorporate application-level timeouts and error handling to gracefully recover from crashes caused by malformed images.
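As an added illustration (not FreeImage's code and not taken from this advisory), the following C program shows the unchecked 32-bit size arithmetic that CWE-190 describes in the Technical Analysis beside a hardened version that range-checks header fields against the PSD format's own limits and sizes the pixel buffer with overflow-checked multiplication, which is the kind of input validation mitigation 5 calls for. The 26-byte header layout and the dimension/channel limits follow the Adobe PSD specification; the crafted header bytes, the 256 MiB policy cap and all function names are constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: minimal PSD header reader plus overflow-safe pixel
 * buffer sizing. Header layout follows the Adobe PSD spec (26 bytes,
 * big-endian); the sizing logic is illustrative and is NOT FreeImage's code. */
#define PSD_HEADER_LEN    26
#define PSD_MAX_DIMENSION 30000u   /* PSD spec limit for width and height */
#define PSD_MAX_CHANNELS  56u      /* PSD spec limit for channel count */

typedef struct {
    uint32_t height;
    uint32_t width;
    uint16_t channels;
    uint16_t depth;      /* bits per channel: 1, 8, 16 or 32 */
} psd_header_t;

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}
static uint16_t be16(const uint8_t *p) {
    return (uint16_t)(((uint16_t)p[0] << 8) | (uint16_t)p[1]);
}

/* Parse the fixed header; rejects short input, a bad signature and PSB (version 2). */
bool parse_psd_header(const uint8_t *buf, size_t len, psd_header_t *h) {
    if (len < PSD_HEADER_LEN || memcmp(buf, "8BPS", 4) != 0) return false;
    if (be16(buf + 4) != 1) return false;
    h->channels = be16(buf + 12);
    h->height   = be32(buf + 14);
    h->width    = be32(buf + 18);
    h->depth    = be16(buf + 22);
    return true;
}

/* The CWE-190 pattern: every product is computed in 32-bit unsigned arithmetic,
 * so crafted dimensions wrap to a tiny value and any buffer sized from it is
 * far smaller than the image data later written into it. Shown for contrast. */
size_t image_bytes_unchecked(const psd_header_t *h) {
    unsigned int bytes_per_pixel = h->channels * (h->depth / 8);
    unsigned int line_bytes = h->width * bytes_per_pixel;   /* may wrap */
    return (size_t)(line_bytes * h->height);                /* may wrap again */
}

/* Overflow-checked multiply: reports failure instead of wrapping. */
static bool mul_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Hardened sizing: validate each field against the format's limits, use checked
 * multiplies, and cap the result by policy so a huge-but-legal header is refused. */
bool image_bytes_checked(const psd_header_t *h, size_t max_bytes, size_t *out) {
    if (h->width == 0  || h->width  > PSD_MAX_DIMENSION) return false;
    if (h->height == 0 || h->height > PSD_MAX_DIMENSION) return false;
    if (h->channels == 0 || h->channels > PSD_MAX_CHANNELS) return false;
    if (h->depth != 1 && h->depth != 8 && h->depth != 16 && h->depth != 32) return false;
    size_t line_bytes = ((size_t)h->width * h->depth + 7) / 8;  /* <= 30000*32, no overflow */
    size_t plane, total;
    if (!mul_checked(line_bytes, h->height, &plane)) return false;
    if (!mul_checked(plane, h->channels, &total)) return false;
    if (total > max_bytes) return false;   /* resource cap: reject before allocating */
    *out = total;
    return true;
}

/* Constructed crafted header: 65536 x 65536, 1 channel, 8-bit.
 * 65536 * 65536 is exactly 2^32, which wraps to 0 in 32-bit arithmetic. */
static const uint8_t crafted_header[PSD_HEADER_LEN] = {
    '8', 'B', 'P', 'S',            /* signature */
    0x00, 0x01,                    /* version 1 = PSD */
    0, 0, 0, 0, 0, 0,              /* reserved */
    0x00, 0x01,                    /* channels = 1 */
    0x00, 0x01, 0x00, 0x00,        /* height = 65536 */
    0x00, 0x01, 0x00, 0x00,        /* width  = 65536 */
    0x00, 0x08,                    /* depth = 8 */
    0x00, 0x03                     /* color mode = RGB */
};

/* Unchecked sizing of the crafted header: returns the wrapped value, 0. */
size_t crafted_unchecked_bytes(void) {
    psd_header_t h;
    if (!parse_psd_header(crafted_header, sizeof crafted_header, &h)) return SIZE_MAX;
    return image_bytes_unchecked(&h);
}

/* Checked sizing of the same header: false, because width exceeds the spec limit. */
bool crafted_checked_accepted(void) {
    psd_header_t h;
    size_t n;
    if (!parse_psd_header(crafted_header, sizeof crafted_header, &h)) return false;
    return image_bytes_checked(&h, 256u * 1024u * 1024u, &n);
}

int main(void) {
    printf("unchecked size: %zu bytes\n", crafted_unchecked_bytes());
    printf("checked sizing accepted: %s\n", crafted_checked_accepted() ? "yes" : "no");
    return 0;
}
```

The policy cap matters even when every field is within the specification: a 30000 x 30000 image with 56 channels at 32 bits per channel is legal PSD but needs about 200 GB, so a parser that only fixes the wrap-around still lets a crafted file drive a process into memory exhaustion. Checking ranges first, multiplying with overflow detection second and applying a size budget third covers both the corruption and the availability side of this bug class.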


Technical Details

Data Version: 5.2
Assigner Short Name: mitre
Date Reserved: 2025-11-18T00:00:00.000Z
CVSS Version: null
State: PUBLISHED

Threat ID: 6939921d86adcdec9b0f4b88

Added to database: 12/10/2025, 3:30:37 PM

Last enriched: 12/17/2025, 4:13:04 PM

Last updated: 2/7/2026, 2:29:23 PM

Views: 70
