Skip to main content

Freeimage CVE-2024-28562

MEDIUM
Out-of-bounds Write (CWE-787)
2024-03-20 cve@mitre.org
6.8
CVSS 3.1 · Vendor: mitre
Share

Severity by source

Vendor (mitre) PRIMARY
6.8 MEDIUM
AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

Primary rating from Vendor (mitre) · only source for this CVE.

CVSS VectorVendor: mitre

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
Mar 20, 2024 - 06:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.

AnalysisAI

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format. Affected products include: Freeimage Project Freeimage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2025-70968 CRITICAL POC
9.8 Jan 14

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead t

CVE-2023-47992 HIGH POC
8.8 Jan 09

An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sen

CVE-2023-47994 HIGH POC
8.8 Jan 09

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to

CVE-2024-28582 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28581 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28580 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28578 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28566 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28583 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28569 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-9029 HIGH POC
7.5 Sep 27

A flaw was found in the freeimage library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n

CVE-2019-12214 HIGH POC
7.5 May 20

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j

Share

CVE-2024-28562 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy