CVE-2024-28580

8.4 HIGH

📋 TL;DR

A buffer overflow vulnerability in FreeImage v3.19.0 allows local attackers to execute arbitrary code by exploiting the ReadData() function when processing RAS format images. This affects any application using the vulnerable FreeImage library for image processing. Attackers could gain full control of affected systems.

💻 Affected Systems

Products:
  • FreeImage
Versions: 3.19.0 (specifically revision r1909)
Operating Systems: All platforms where FreeImage is installed
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses FreeImage library to process RAS format images is vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining root/admin privileges and persistent access.

🟠 Likely Case: Local privilege escalation leading to data theft, lateral movement, or installation of malware.

🟢 If Mitigated: Limited impact if proper sandboxing, privilege separation, and memory protection are implemented.

🌐 Internet-Facing: LOW (requires local access to exploit)
🏢 Internal Only: HIGH (local attackers can exploit this for privilege escalation)

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires local access and ability to trigger RAS image processing. Public proof-of-concept exists in the referenced GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or apply workarounds.

🔧 Temporary Workarounds

Disable RAS format support (platform: linux)

Remove or disable the RAS format plugin to prevent exploitation:

mv /usr/lib/freeimage/FreeImageRAS.so /usr/lib/freeimage/FreeImageRAS.so.disabled
mv /usr/local/lib/freeimage/FreeImageRAS.so /usr/local/lib/freeimage/FreeImageRAS.so.disabled

Application sandboxing (platform: all)

Run applications using FreeImage in restricted containers or sandboxes:

docker run --security-opt=no-new-privileges -it application_image

🧯 If You Can't Patch

  • Implement strict file upload validation to reject RAS format images
  • Apply principle of least privilege to applications using FreeImage

🔍 How to Verify

Check if Vulnerable:

Check the FreeImage version, e.g. grep -r '3.19.0' /usr/include/freeimage/FreeImage.h, or check the installed package version.

Check Version:

pkg-config --modversion freeimage || find /usr -name '*freeimage*' -type f -exec strings {} \; | grep -i version

Verify Fix Applied:

Verify the RAS plugin is disabled: ls -la /usr/lib/freeimage/*RAS* should show only the renamed (.disabled) files, or no files at all.

📡 Detection & Monitoring

Log Indicators:

  • Process crashes in applications using FreeImage
  • Unusual RAS file processing attempts
  • Memory access violation errors

Network Indicators:

  • Not applicable - local exploit

SIEM Query:

Process:FreeImage AND (EventID:1000 OR ExceptionCode:c0000005)
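As an added example (not part of this advisory), the following Python script applies the same logic as the SIEM query above to crash-log records: it flags events where the process or faulting module mentions FreeImage and the event is a crash (EventID 1000 or exception code c0000005), then counts hits per host so that repeated crashes, which are more suggestive of malformed RAS input being fed to the library than a one-off fault, stand out. The log lines and the key=value field names (ts, host, EventID, Process, FaultingModule, ExceptionCode, File) are constructed for illustration and are assumptions about the log format, not a format the advisory specifies.

```python
"""Added example: flag FreeImage-related crash events in key=value log records.

Mirrors the advisory's SIEM query:
    Process:FreeImage AND (EventID:1000 OR ExceptionCode:c0000005)
The sample records and field names below are constructed assumptions.
"""
import re
from collections import Counter

# Constructed sample records (one event per line). Lines 1, 4 and 5 should
# be flagged: they involve FreeImage and carry a crash signal.
SAMPLE_LOG = """\
ts=2024-03-01T10:02:11Z host=ws01 EventID=1000 Process=viewer.exe FaultingModule=FreeImage.dll ExceptionCode=c0000005 File=sample.ras
ts=2024-03-01T10:02:30Z host=ws01 EventID=1000 Process=notepad.exe FaultingModule=ntdll.dll ExceptionCode=c0000005
ts=2024-03-01T10:03:05Z host=srv02 EventID=4624 Process=winlogon.exe
ts=2024-03-01T10:04:40Z host=ws03 EventID=1001 Process=converter.exe FaultingModule=FreeImage.dll ExceptionCode=c0000005 File=upload_17.ras
ts=2024-03-01T10:05:12Z host=ws03 EventID=1000 Process=converter.exe FaultingModule=libfreeimage.so ExceptionCode=c0000409
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_event(line):
    """Turn one 'key=value key=value ...' line into a dict (assumed format)."""
    return dict(FIELD_RE.findall(line))


def mentions_freeimage(event):
    """True if the process name or faulting module refers to FreeImage
    (case-insensitive, so FreeImage.dll and libfreeimage.so both match)."""
    haystack = " ".join(
        (event.get("Process", ""), event.get("FaultingModule", ""))
    ).lower()
    return "freeimage" in haystack


def is_crash_signal(event):
    """Application crash event (Windows EventID 1000) or an access
    violation exception code (c0000005)."""
    return (
        event.get("EventID") == "1000"
        or event.get("ExceptionCode", "").lower() == "c0000005"
    )


def find_suspicious(lines):
    """Return the parsed events that satisfy both halves of the query."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_event(line)
        if mentions_freeimage(event) and is_crash_signal(event):
            hits.append(event)
    return hits


def summarize_by_host(hits):
    """Count flagged events per host; several crashes on one host in a
    short window merit a closer look at the RAS files it processed."""
    return dict(Counter(h.get("host", "unknown") for h in hits))


if __name__ == "__main__":
    flagged = find_suspicious(SAMPLE_LOG.splitlines())
    for ev in flagged:
        print(ev["ts"], ev["host"], ev["Process"],
              ev.get("FaultingModule", "-"), ev.get("File", "-"))
    print("per host:", summarize_by_host(flagged))
```

Tuning the two predicates is where the false positives live: matching on the faulting module rather than only the process name catches crashes in any application that merely links FreeImage, while a crash whose module is something other than FreeImage (line 2 above) is left alone.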

🔗 References
