Skip to main content

Freeimage CVE-2024-9029

HIGH
Buffer Over-read (CWE-126)
2024-09-27 patrick@puiterwijk.org
7.5
CVSS 3.1 · Vendor: puiterwijk
Share

Severity by source

Vendor (puiterwijk) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from Vendor (puiterwijk) · only source for this CVE.

CVSS VectorVendor: puiterwijk

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Sep 27, 2024 - 07:15 cve.org
HIGH 7.5

DescriptionCVE.org

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

AnalysisAI

A flaw was found in the freeimage library. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-126. A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service. Affected products include: Freeimage Project Freeimage.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2025-70968 CRITICAL POC
9.8 Jan 14

FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead t

CVE-2023-47992 HIGH POC
8.8 Jan 09

An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sen

CVE-2023-47994 HIGH POC
8.8 Jan 09

An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to

CVE-2024-28582 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28581 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28580 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28578 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28566 HIGH POC
8.4 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28583 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2024-28569 HIGH POC
7.8 Mar 20

Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary cod

CVE-2019-12214 HIGH POC
7.5 May 20

In FreeImage 3.18.0, an out-of-bounds access occurs because of mishandling of the OpenJPEG j2k_read_ppm_v3 function in j

CVE-2019-12212 HIGH POC
7.5 May 20

When FreeImage 3.18.0 reads a special JXR file, the StreamCalcIFDSize function of JXRMeta.c repeatedly calls itself due

Share

CVE-2024-9029 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy