What is the severity of CVE-2024-9029?

CVE-2024-9029 has been classified with a high severity due to its potential to cause application crashes.

How do I fix CVE-2024-9029?

To fix CVE-2024-9029, you should update to the latest version of the FreeImage library that addresses this vulnerability.

What type of vulnerability is CVE-2024-9029?

CVE-2024-9029 is a buffer over-read vulnerability found in the read_iptc_profile function of the FreeImage library.

What software is affected by CVE-2024-9029?

CVE-2024-9029 affects the FreeImage library, specifically in applications that utilize this library for image processing.

What happens if I don't address CVE-2024-9029?

Failing to address CVE-2024-9029 may lead to application crashes and potential denial of service in software relying on the vulnerable library.

Vulnerability/
CVE-2024-9029

high

7.5

CWE

126 119

EPSS

0.043%

20/9/2024

27/9/2024

30/9/2024

CVE-2024-9029: Freeimage: heap buffer overflow in tiff_read_iptc_profile

First published: Fri Sep 20 2024(Updated: )

A flaw was found in the freeimage library. Processing a crafted image can cause a buffer over-read of 1 byte in the read_iptc_profile function in the Source/Metadata/IPTC.cpp file because the size of the profile is not being sanitized, causing a crash in the application linked to the library, resulting in a denial of service.

Credit: patrick@puiterwijk.org

Affected Software	Affected Version	How to fix
FreeImage

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2024-9029?
CVE-2024-9029 has been classified with a high severity due to its potential to cause application crashes.
How do I fix CVE-2024-9029?
To fix CVE-2024-9029, you should update to the latest version of the FreeImage library that addresses this vulnerability.
What type of vulnerability is CVE-2024-9029?
CVE-2024-9029 is a buffer over-read vulnerability found in the read_iptc_profile function of the FreeImage library.
What software is affected by CVE-2024-9029?
CVE-2024-9029 affects the FreeImage library, specifically in applications that utilize this library for image processing.
What happens if I don't address CVE-2024-9029?
Failing to address CVE-2024-9029 may lead to application crashes and potential denial of service in software relying on the vulnerable library.

agent/references
agent/title
agent/type
agent/weakness
agent/first-publish-date
agent/severity
agent/author
agent/event
collector/nvd-api
source/NVD
agent/last-modified-date
collector/mitre-cve
source/MITRE
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-9029
agent/trending
collector/epss-latest
source/FIRST
agent/epss
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/freeimage
canonical/freeimage

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.