CVE-2024-28573 identifies a buffer overflow vulnerability in the FreeImage open source library version 3.19.0, specifically within the jpeg_read_exif_profile() function responsible for parsing EXIF metadata in JPEG images. Buffer overflow (CWE-121) occurs when the function improperly handles input data size, leading to memory corruption. This vulnerability can be exploited by a local attacker who supplies a maliciously crafted JPEG file to an application using FreeImage for image processing. Exploitation results in a denial of service (DoS) by crashing the application, potentially causing service interruptions or application instability. The vulnerability requires local access (attack vector: local), no privileges, and no user interaction, limiting remote exploitation possibilities. The CVSS v3.1 base score is 6.2, reflecting medium severity due to the impact on availability only and the local attack vector. No known public exploits or patches have been reported yet, indicating the need for proactive mitigation. This vulnerability is significant for software relying on FreeImage for image handling, especially in environments where local users can supply image files.

The primary impact of CVE-2024-28573 is denial of service, which can disrupt applications or services that utilize FreeImage for JPEG image processing. This may affect desktop applications, image editing tools, or any software component that processes images locally using this library. While it does not compromise confidentiality or integrity, repeated crashes or service interruptions can degrade user experience, reduce productivity, and potentially cause data loss if the application does not handle crashes gracefully. Organizations relying on FreeImage in critical workflows or embedded systems may face operational risks. Since exploitation requires local access, the threat is more relevant in multi-user systems, shared environments, or scenarios where untrusted users can supply image files. The absence of known exploits limits immediate risk, but the vulnerability could be leveraged in targeted attacks or combined with other vulnerabilities for escalation.

To mitigate CVE-2024-28573, organizations should first monitor for updates or patches from the FreeImage project and apply them promptly once available. Until a patch is released, consider the following specific actions: 1) Restrict local user permissions to limit who can supply or process JPEG images using FreeImage-based applications. 2) Implement input validation or filtering to detect and block suspicious or malformed JPEG files before processing. 3) Use application sandboxing or process isolation to contain potential crashes and prevent system-wide impact. 4) Employ runtime protections such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP) to reduce exploitation success. 5) Audit and review software dependencies to identify and replace FreeImage usage with alternative libraries if feasible. 6) Educate users about the risks of opening untrusted image files locally. These targeted mitigations go beyond generic advice by focusing on controlling local file inputs and isolating vulnerable components.