CVE-2024-9029

Published Sep 27, 2024

Last updated 7 months ago

CVSS high 7.5

Overview

Description
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.
Source
patrick@puiterwijk.org
NVD status
Analyzed
Products
freeimage

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

patrick@puiterwijk.org
CWE-126

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. FreeImage 3.18.0 contains a Use After Free in PluginTARGA.cpp;loadRLE().CVE-2025-70968
  2. An integer overflow in the psdParser::ReadImageData function of FreeImage v3.18.0 and before allows attackers to cause a Denial of Service (DoS) via supplying a crafted PSD file.CVE-2025-65803
  3. libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file.CVE-2024-31570
  4. Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.CVE-2024-28584
  5. Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.CVE-2024-28583

References

Sources include official advisories and independent security research.