Skip to main content
CVE Vulnerability Database

CVE-2024-9029: FreeImage Library DoS Vulnerability

CVE-2024-9029 is a denial of service flaw in FreeImage library caused by a buffer over-read when processing crafted images. This article covers the technical details, affected versions, impact, and mitigation strategies.

Published:

CVE-2024-9029 Overview

CVE-2024-9029 is a buffer over-read vulnerability in the FreeImage library, an open-source image decoding library used by many desktop and server applications. The flaw resides in the read_iptc_profile function within Source/Metadata/IPTC.cpp. The function fails to sanitize the size of the IPTC profile before reading it, leading to a one-byte out-of-bounds read when processing a crafted image. Applications linked against FreeImage crash when parsing the malicious file, resulting in denial of service. The vulnerability is network-reachable through any workflow that accepts attacker-supplied images.

Critical Impact

Remote attackers can crash any application using FreeImage by supplying a crafted image, causing denial of service in image processing pipelines and document workflows.

Affected Products

  • FreeImage library (all versions, no fixed release identified upstream)
  • Applications statically or dynamically linked against freeimage_project:freeimage
  • Downstream distributions packaging FreeImage as a system library

Discovery Timeline

  • 2024-09-27 - CVE-2024-9029 published to the National Vulnerability Database (NVD)
  • 2026-06-17 - Last updated in the NVD database

Technical Details for CVE-2024-9029

Vulnerability Analysis

The defect is a one-byte buffer over-read [CWE-126] in the IPTC metadata parser. FreeImage exposes the read_iptc_profile routine to decode embedded IPTC application records inside image containers such as JPEG, TIFF, and PSD. The parser trusts the profile length stored in the file header and uses it to drive read operations across the in-memory buffer. When a crafted image declares a profile size that exceeds the actual buffer, the parser reads one byte past the allocated region. The over-read corrupts parser state or triggers a memory access fault, causing the host process to terminate.

Root Cause

The root cause is missing bounds validation on attacker-controlled length metadata. The read_iptc_profile function in Source/Metadata/IPTC.cpp does not verify that the declared profile size fits within the remaining input buffer before iterating across the profile bytes. Input validation must occur before the size value is used as a loop bound or pointer offset.

Attack Vector

An attacker delivers a crafted image to any service or client that calls into FreeImage for metadata extraction. Typical delivery channels include web upload endpoints, email attachments, document conversion pipelines, and thumbnail generators. No authentication or user interaction is required beyond submitting the file. The impact is limited to availability; the over-read does not disclose secrets or grant code execution under documented conditions. Technical details are tracked in the Red Hat Bug Report #2313704 and the SourceForge Bug Report #351.

Detection Methods for CVE-2024-9029

Indicators of Compromise

  • Repeated crashes or segmentation faults in processes that load libfreeimage.so or FreeImage.dll
  • Core dumps showing the faulting frame inside read_iptc_profile or Source/Metadata/IPTC.cpp
  • Image upload requests followed by service restarts or worker recycling in web application logs

Detection Strategies

  • Inspect crash telemetry for stack frames referencing FreeImage IPTC parsing routines.
  • Apply file-format scanners that flag malformed IPTC application record lengths in JPEG, TIFF, and PSD inputs.
  • Correlate image upload events with downstream process termination events on image-processing workers.

Monitoring Recommendations

  • Forward application crash logs and core dump metadata to a centralized analytics platform for stack-frame analysis.
  • Monitor image conversion services for elevated 5xx error rates following uploads of small or unusual image files.
  • Track binary inventory for components linking against FreeImage to scope exposure across the estate.

How to Mitigate CVE-2024-9029

Immediate Actions Required

  • Inventory all applications and container images that bundle or link against FreeImage.
  • Restrict image upload endpoints to authenticated users and enforce strict file-type allowlists.
  • Sandbox image parsing in a separate process or container so a crash does not terminate the parent service.

Patch Information

No official upstream patch release has been published in the referenced advisories. Track the SourceForge Bug Report #351 and downstream distribution updates such as the Red Hat Bug Report #2313704 for fixed package versions. Apply distribution updates as soon as backported fixes become available.

Workarounds

  • Disable IPTC metadata extraction in calling applications where the API permits, bypassing the vulnerable code path.
  • Pre-validate uploaded images with a hardened parser, such as ImageMagick with policy restrictions, before handing them to FreeImage.
  • Run image-processing workers under a supervisor that automatically restarts crashed processes to reduce service disruption.
bash
# Example: isolate FreeImage workloads with systemd hardening
[Service]
ExecStart=/usr/local/bin/image-worker
Restart=on-failure
RestartSec=2
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
MemoryDenyWriteExecute=true

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.