Memory Leak Vulnerability in Freeglut Affected by MenuEntry Variable
CVE-2024-24259

7.5HIGH

Key Information:

Vendor: Artifex
Status: MuPDF
Vendor: CVE Published:; 5 February 2024

What is CVE-2024-24259?

The Freeglut library, specifically versions prior to 3.4.0, has a vulnerability involving a memory leak through the menuEntry variable within the glutAddMenuEntry function. This loophole allows for excessive memory consumption, posing potential risks for applications utilizing the library, as it can lead to resource exhaustion over time, impacting system performance and reliability.

References

https://github.com/yinluming13579/mupdf_defects/blob/main...

https://github.com/freeglut/freeglut/pull/155

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 5, 2024
Vulnerability Reserved
Jan 25, 2024

Artifex

What is CVE-2024-24259?

References

CVSS V3.1

Timeline