What is the severity of REDHAT-BUG-2313704?

The severity of REDHAT-BUG-2313704 is considered critical due to the heap buffer overflow vulnerability.

How do I fix REDHAT-BUG-2313704?

To fix REDHAT-BUG-2313704, users should upgrade to the latest version of FreeImage that addresses this vulnerability.

Which software is affected by REDHAT-BUG-2313704?

REDHAT-BUG-2313704 affects the FreeImage library.

What type of vulnerability is REDHAT-BUG-2313704?

REDHAT-BUG-2313704 is classified as a heap buffer overflow vulnerability.

Can REDHAT-BUG-2313704 be exploited remotely?

Yes, REDHAT-BUG-2313704 can potentially be exploited remotely if the vulnerable software is improperly configured.

Vulnerability/
REDHAT-BUG-2313704

medium

CWE

119

20/9/2024

27/9/2024

REDHAT-BUG-2313704: Buffer Overflow

First published: Fri Sep 20 2024(Updated: )

While doing fuzzing with AFL++ & Sydr. I found heap buffer overflow in read_iptc_profile: ==376632==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x602000000091 at pc 0x000000730e1d bp 0x7fffffffda90 sp 0x7fffffffda88 READ of size 1 at 0x602000000091 thread T0 [Detaching after fork from child process 376675] #0 0x730e1c in read_iptc_profile /freeimage-svn/FreeImage/trunk/Source/Metadata/IPTC.cpp:74:7 #1 0x654cae in tiff_read_iptc_profile(tiff*, FIBITMAP*) /freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginTIFF.cpp:790:10 #2 0x654cae in ReadMetadata(FreeImageIO*, void*, tiff*, FIBITMAP*) /freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginTIFF.cpp:871:2 #3 0x64e5a2 in Load(FreeImageIO*, void*, int, int, void*) /freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginTIFF.cpp:2320:3 #4 0x508deb in FreeImage_LoadFromHandle /freeimage-svn/FreeImage/trunk/Source/FreeImage/Plugin.cpp:386:24 #5 0x4ff0bb in FreeImage_LoadFromMemory /freeimage-svn/FreeImage/trunk/Source/FreeImage/MemoryIO.cpp:88:10 #6 0x4e0505 in LLVMFuzzerTestOneInput /load_from_memory_tiff_fuzzer.cc:35:26 #7 0x4e00c4 in main /afl.cc:36:9 #8 0x7ffff7a730b2 in __libc_start_main /build/glibc-eX1tMB/glibc-2.31/csu/../csu/libc-start.c:308:16 #9 0x425fbd in _start (/load_from_memory_tiff_afl+0x425fbd) In File /freeimage-svn/FreeImage/trunk/Source/Metadata/IPTC.cpp:74 71 // find start of the BIM portion of the binary data 72 size_t offset = 0; 73 while(offset < length - 1) { --->74 if((profile[offset] == 0x1C) && (profile[offset+1] == 0x02)) 75 break; 76 offset++; 77 } 78 79 // for each tag 80 while (offset < length) { 81 82 // identifies start of a tag

Affected Software	Affected Version	How to fix
FreeImage

Never miss a vulnerability like this again

Reference Links

https://bugzilla.redhat.com/show_bug.cgi?id=2313704

Frequently Asked Questions

What is the severity of REDHAT-BUG-2313704?
The severity of REDHAT-BUG-2313704 is considered critical due to the heap buffer overflow vulnerability.
How do I fix REDHAT-BUG-2313704?
To fix REDHAT-BUG-2313704, users should upgrade to the latest version of FreeImage that addresses this vulnerability.
Which software is affected by REDHAT-BUG-2313704?
REDHAT-BUG-2313704 affects the FreeImage library.
What type of vulnerability is REDHAT-BUG-2313704?
REDHAT-BUG-2313704 is classified as a heap buffer overflow vulnerability.
Can REDHAT-BUG-2313704 be exploited remotely?
Yes, REDHAT-BUG-2313704 can potentially be exploited remotely if the vulnerable software is improperly configured.

agent/weakness
agent/references
agent/severity
agent/first-publish-date
agent/type
agent/event
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2024-9029
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/freeimage
canonical/freeimage