CVE-2024-9029

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-9029
A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2313704 Issue Tracking Third Party Advisory
https://sourceforge.net/p/freeimage/bugs/351/ Exploit Issue Tracking
Configurations

Configuration 1 (hide)

cpe:2.3:a:freeimage_project:freeimage:-:*:*:*:*:*:*:*
History

08 Aug 2025, 01:36

Type Values Removed Values Added
CPE cpe:2.3:a:freeimage_project:freeimage:-:*:*:*:*:*:*:*
References () https://bugzilla.redhat.com/show_bug.cgi?id=2313704 - () https://bugzilla.redhat.com/show_bug.cgi?id=2313704 - Issue Tracking, Third Party Advisory
References () https://sourceforge.net/p/freeimage/bugs/351/ - () https://sourceforge.net/p/freeimage/bugs/351/ - Exploit, Issue Tracking
First Time Freeimage Project
Freeimage Project freeimage

27 Sep 2024, 13:15

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en la librería freeimage. El procesamiento de una imagen creada puede provocar una sobrelectura del búfer de 1 byte en la función read_iptc_profile en el archivo Source/Metadata/IPTC.cpp debido a que no se está depurando el tamaño del perfil, lo que provoca un bloqueo en la aplicación vinculada a la librería y, como resultado, una denegación de servicio.
Summary (en) A flaw was found in freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service. (en) A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

27 Sep 2024, 07:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-27 07:15

Updated : 2025-08-08 01:36

NVD link : CVE-2024-9029

Mitre link : CVE-2024-9029

CVE.ORG link : CVE-2024-9029

JSON object : View

Products Affected

freeimage_project

  • freeimage
CWE
CWE-126

Buffer Over-read