CVE-2024-28569

7.8 HIGH

📋 TL;DR

A buffer overflow vulnerability in FreeImage v3.19.0 allows local attackers to execute arbitrary code by exploiting the Imf_2_2::Xdr::read() function when processing EXR format images. This affects any application using the vulnerable FreeImage library to handle EXR files. Attackers could gain full control of affected systems.

💻 Affected Systems

Products:
  • FreeImage
Versions: Version 3.19.0 (r1909)
Operating Systems: All platforms where FreeImage is used
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against FreeImage library that processes EXR images is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with the attacker gaining root/admin privileges and persistent access.

🟠 Likely Case: Local privilege escalation leading to data theft, lateral movement, or ransomware deployment.

🟢 If Mitigated: Limited impact if the application runs with minimal privileges and proper sandboxing/isolation.

🌐 Internet-Facing: LOW - Requires local access or ability to upload EXR files to vulnerable application.
🏢 Internal Only: HIGH - Local attackers or malware could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires local access or ability to trigger EXR file processing. Public PoC available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check FreeImage GitHub for latest version > 3.19.0

Vendor Advisory: https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909

Restart Required: Yes

Instructions:

1. Check the current FreeImage version.
2. Update to the latest FreeImage version from the official repository.
3. Recompile applications that use FreeImage.
4. Restart affected services.

🔧 Temporary Workarounds

Disable EXR support (platforms: all)

  • Disable EXR format processing in FreeImage or in the applications using it
  • Recompile FreeImage with EXR support disabled via the build configuration

Application sandboxing (platforms: linux)

  • Run applications using FreeImage with minimal privileges and sandboxing
  • Use SELinux/AppArmor policies to restrict file access and system calls

🧯 If You Can't Patch

  • Implement strict file upload validation to block EXR files
  • Run vulnerable applications in isolated containers with no network access
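A content-based upload gate for the first bullet above, as an added example that is not part of the advisory or of FreeImage: it identifies EXR files by their magic number rather than by file extension (so a renamed .exr is still rejected) and decodes the header's version/flags word. The sample byte strings are constructed inline for the example.

```python
"""Reject EXR uploads by content before a FreeImage call ever sees them."""
import struct

# OpenEXR files start with the magic number 20000630 (0x01312F76) stored
# little-endian, followed by a 4-byte little-endian version/flags word.
EXR_MAGIC = b"\x76\x2f\x31\x01"


def is_exr(data: bytes) -> bool:
    """True when the buffer carries the OpenEXR magic and a version word."""
    return len(data) >= 8 and data[:4] == EXR_MAGIC


def exr_version_info(data: bytes) -> dict:
    """Decode the EXR version word: low byte is the format version,
    the upper bits are feature flags (tiled, long names, deep, multipart)."""
    if not is_exr(data):
        raise ValueError("not an EXR file")
    word = struct.unpack_from("<I", data, 4)[0]
    return {
        "version": word & 0xFF,
        "tiled": bool(word & 0x200),
        "long_names": bool(word & 0x400),
        "deep": bool(word & 0x800),
        "multipart": bool(word & 0x1000),
    }


def upload_allowed(data: bytes) -> tuple[bool, str]:
    """Upload gate: block EXR content regardless of the claimed filename."""
    if is_exr(data):
        return False, "EXR rejected: FreeImage 3.19.0 EXR loader (CVE-2024-28569)"
    return True, "ok"


# Constructed samples (not real image files): a minimal tiled EXR v2 header
# and the 8-byte PNG signature padded with zeros.
SAMPLE_EXR = EXR_MAGIC + struct.pack("<I", 2 | 0x200)
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in (("upload.exr", SAMPLE_EXR), ("photo.png", SAMPLE_PNG),
                       ("renamed.png", SAMPLE_EXR)):
        print(name, upload_allowed(blob))
```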

🔍 How to Verify

Check if Vulnerable:

Check if FreeImage version is 3.19.0 and application processes EXR files

Check Version:

ldd /path/to/application | grep -i freeimage

Then confirm the version of the libfreeimage library that is listed (for example from the version string in the shared library's file name, or by calling FreeImage_GetVersion() from the application).

Verify Fix Applied:

Verify FreeImage version is updated and EXR file processing no longer triggers crashes

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing EXR files
  • Unexpected child process creation from image processing services

Network Indicators:

  • Unusual outbound connections from image processing services

SIEM Query:

Process: (freeimage OR application_name) AND Event: (Crash OR AccessViolation) AND FileExtension: exr
