Bug ID

1223861

Summary

VUL-0: CVE-2024-28584: freeimage: buffer overflow via the J2KImageToFIBITMAP() function when reading images in J2K format

Classification

openSUSE

Product

openSUSE Distribution

Version

Leap 15.6

Hardware

Other

URL

https://smash.suse.de/issue/401505/

Other

Status

NEW

Severity

Normal

Priority

P5 - None

Component

Security

Assignee

security-team@suse.de

Reporter

smash_bz@suse.de

QA Contact

security-team@suse.de

camila.matos@suse.com

Target Milestone

---

Found By

Security Response Team

Blocker

---

Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0
[r1909] allows a local attacker to cause a denial of service (DoS) via the
J2KImageToFIBITMAP() function when reading images in J2K format.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-28584
https://seclists.org/oss-sec/2024/q2/89
http://www.openwall.com/lists/oss-security/2024/04/11/3
https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909
https://www.cve.org/CVERecord?id=CVE-2024-28584
http://www.openwall.com/lists/oss-security/2024/04/11/10
http://www.openwall.com/lists/oss-security/2024/04/11/2