Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-9029

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

Published

2024-09-27T07:15:05.800

Last Modified

2025-08-08T01:36:55.843

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Type: Secondary
CWE-126

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	freeimage_project	freeimage	-	Yes

References

https://bugzilla.redhat.com/show_bug.cgi?id=2313704 Issue Tracking, Third Party Advisory ([email protected])
https://sourceforge.net/p/freeimage/bugs/351/ Exploit, Issue Tracking ([email protected])