ByteOS Network

Vulnerability Details :

CVE-2024-9029

Assigner-fedora

Assigner Org ID-92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5

Published At-27 Sep, 2024 | 06:51

Updated At-27 Sep, 2024 | 14:32

Freeimage: heap buffer overflow in tiff_read_iptc_profile

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:fedora

Assigner Org ID:92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5

Published At:27 Sep, 2024 | 06:51

Updated At:27 Sep, 2024 | 14:32

▼CVE Numbering Authority (CNA)

Freeimage: heap buffer overflow in tiff_read_iptc_profile

Affected Products

Collection URL

https://sourceforge.net/projects/freeimage

Package Name

freeimage

Default Status

affected

Problem Types

Type	CWE ID	Description
CWE	CWE-126	Buffer Over-read

Type: CWE

CWE ID: CWE-126

Description: Buffer Over-read

Metrics

Version	Base score	Base severity	Vector
3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Metrics Other Info

Red Hat severity rating

value:

Moderate

namespace:

https://access.redhat.com/security/updates/classification/

Timeline

Event	Date
Reported to Red Hat.	2024-09-20 04:37:13
Made public.	2022-08-02 12:00:00

Event: Reported to Red Hat.

Date: 2024-09-20 04:37:13

Event: Made public.

Date: 2022-08-02 12:00:00

References

Hyperlink	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2313704	issue-tracking x_refsource_REDHAT
https://sourceforge.net/p/freeimage/bugs/351/	N/A

Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=2313704

Resource:

issue-tracking

x_refsource_REDHAT

Hyperlink: https://sourceforge.net/p/freeimage/bugs/351/

Resource: N/A

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Affected Products

Vendor

freeimage_project

Product

freeimage

CPEs

cpe:2.3:a:freeimage_project:freeimage:*:*:*:*:*:*:*:*

Default Status

unknown

Versions

Affected

From 0 before * (custom)

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:patrick@puiterwijk.org

Published At:27 Sep, 2024 | 07:15

Updated At:08 Aug, 2025 | 01:36

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Type: Secondary

Version: 3.1

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CPE Matches

freeimage_project>>freeimage>>-

cpe:2.3:a:freeimage_project:freeimage:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-126	Secondary	patrick@puiterwijk.org

CWE ID: CWE-126

Type: Secondary

Source: patrick@puiterwijk.org

References

Hyperlink	Source	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=2313704	patrick@puiterwijk.org	Issue Tracking Third Party Advisory
https://sourceforge.net/p/freeimage/bugs/351/	patrick@puiterwijk.org	Exploit Issue Tracking