Buffer Overflow in FreeImage Open Source Software
CVE-2024-28563

Currently unrated

Key Information:

Vendor: FreeImage
Status: FreeImage
Vendor: CVE Published:; 20 March 2024

What is CVE-2024-28563?

A buffer overflow vulnerability exists in FreeImage v.3.19.0, specifically within the Imf_2_2::DwaCompressor::Classifier::Classifier() function. This flaw enables a local attacker to exploit the way images in EXR format are handled, potentially leading to a denial of service (DoS) condition. By carefully crafting an EXR image, the attacker may cause unexpected behavior or crash the application, highlighting the need for prompt remediation.

References

https://github.com/Ruanxingzhi/vul-report/tree/master/fre...

http://www.openwall.com/lists/oss-security/2024/04/11/3

mailing-list

http://www.openwall.com/lists/oss-security/2024/04/11/10

mailing-list

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 20, 2024
Vulnerability Reserved
Mar 8, 2024

JSON