CVE-2024-28584

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
3.3 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
freeimage_projectfreeimage
3.19.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
freeimage
bullseye (security)
vulnerable
bullseye
no-dsa
bookworm
no-dsa
buster
postponed
bookworm (security)
vulnerable
sid
vulnerable
trixie
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
freeimage
plucky
deferred
oracular
deferred
noble
deferred
mantic
ignored
jammy
deferred
focal
deferred
bionic
deferred
xenial
deferred
trusty
deferred
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2024/04/11/10
http://www.openwall.com/lists/oss-security/2024/04/11/2
http://www.openwall.com/lists/oss-security/2024/04/11/3
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
http://www.openwall.com/lists/oss-security/2024/04/11/10
http://www.openwall.com/lists/oss-security/2024/04/11/2
http://www.openwall.com/lists/oss-security/2024/04/11/3
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909