CVE-2024-28575 identifies a buffer overflow vulnerability in FreeImage version 3.19.0 [r1909], an open source library widely used for image processing. The flaw resides in the opj_j2k_read_mct() function, which handles images in the JPEG 2000 (J2K) format. When processing crafted J2K images, the function improperly manages memory buffers, leading to an overflow condition. This vulnerability allows a local attacker to cause a denial of service by crashing the application or service using FreeImage, potentially disrupting operations. The vulnerability is classified under CWE-121 (Stack-based Buffer Overflow). The CVSS v3.1 base score is 8.4, indicating high severity, with an attack vector limited to local access (AV:L), low attack complexity (AC:L), no privileges required (PR:N), and no user interaction (UI:N). The impact affects availability only, with no confidentiality or integrity loss. No patches or fixes are currently linked, and no exploits have been reported in the wild. This vulnerability is significant for environments where FreeImage processes untrusted or user-supplied J2K images, especially in local or multi-user systems.

The primary impact of CVE-2024-28575 is denial of service, which can disrupt applications or services relying on FreeImage for image processing. Organizations using FreeImage in desktop applications, image editing tools, or backend image processing pipelines may experience crashes or service interruptions if malicious or malformed J2K images are processed. Although the attack requires local access, this can be a concern in shared environments, development workstations, or systems where users can upload or process images locally. The lack of confidentiality or integrity impact reduces the risk of data breaches, but availability disruptions can affect productivity and service reliability. Industries such as digital media, publishing, scientific imaging, and software development that utilize FreeImage are particularly vulnerable. The absence of known exploits reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits given the public disclosure.

To mitigate CVE-2024-28575, organizations should: 1) Monitor FreeImage project updates and apply patches promptly once available. 2) Restrict local access to systems processing J2K images to trusted users only, minimizing exposure to untrusted inputs. 3) Implement input validation and sanitization for J2K images before processing with FreeImage, potentially using alternative libraries or sandboxing image processing tasks. 4) Employ application-level monitoring to detect crashes or abnormal behavior indicative of exploitation attempts. 5) Consider disabling J2K image support in FreeImage if not required, reducing the attack surface. 6) Use operating system-level protections such as address space layout randomization (ASLR) and stack canaries to mitigate buffer overflow exploitation. 7) Educate developers and system administrators about the vulnerability and safe handling of image files. These steps go beyond generic advice by focusing on local access control, input validation, and proactive monitoring tailored to the vulnerability's characteristics.