#VU86367 Memory leak in freeglut - CVE-2024-24258

Cybersecurity Help s.r.o.

Published: 2024-02-13

Vulnerability identifier: #VU86367

Vulnerability risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2024-24258

CWE-ID: CWE-401

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
freeglut
Mobile applications / Libraries for mobile applications

Vendor: dcnieho

Description
The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak within the glutAddSubMenu() function. A remote attacker can force the application to leak memory and perform denial of service attack.

Mitigation
Install updates from vendor's repository.

Vulnerable software versions

freeglut: 1.3 - 3.4.0

External links
https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md
https://github.com/freeglut/freeglut/pull/155

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Anolis OS update for freeglut

Red Hat Enterprise Linux 8 update for freeglut

Red Hat Enterprise Linux 9 update for freeglut

openEuler update for freeglut

Fedora 38 update for freeglut

Fedora 39 update for freeglut

Multiple vulnerabilities in freeglut