Memory Leak in freeglut 3.4.0 Affects Multiple Applications
CVE-2024-24258

7.5HIGH

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-24258?

In freeglut version 3.4.0, a memory leak has been identified within the glutAddSubMenu function, particularly involving the menuEntry variable. This vulnerability could lead to unintentional memory consumption and affect application performance and stability. It is crucial for developers and system administrators using this version to assess their applications and implement the appropriate mitigations.

References

https://github.com/yinluming13579/mupdf_defects/blob/main...

https://github.com/freeglut/freeglut/pull/155

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 25, 2024

Artifex

What is CVE-2024-24258?

References

CVSS V3.1

Timeline