CVE-2024-9029

Sept. 30, 2024, 12:46 p.m.

7.5
High

Description

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

Product(s) Impacted

Product Versions
FreeImage
  • []

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-126
Buffer Over-read
The product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2313704
https://sourceforge.net/p/freeimage/bugs/351/

Tags

CWE-126
patrick@puiterwijk.org
2024-09-27
CVE-2024-9029

CVSS Score

7.5 / 10

CVSS Data - 3.1

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • Scope: UNCHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: HIGH

    • CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    View Vector String

Timeline

Published: Sept. 27, 2024, 7:15 a.m.
Last Modified: Sept. 30, 2024, 12:46 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

patrick@puiterwijk.org

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.