CVE-2024-24258
published 2024-02-05CVE-2024-24258: freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
PriorityP335high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.15%
62.8th percentile
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| debian | freeglut | — | — |
| msrc | azl3_freeglut_3.4.0-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5LOW
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Freeglut vulnerabilities
vendor_ubuntu·2025-11-17
CVE-2024-24258 Freeglut vulnerabilities
Title: Freeglut vulnerabilities
Summary: Several security issues were fixed in Freeglut.
It was discovered that Freeglut incorrectly managed memory, resulting in a
memory leak. An attacker could possibly use this issue to cause a denial of
service.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
vendor_msrc·2024-02-13·CVSS 7.5
CVE-2024-24258 [HIGH] CWE-401 freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Required: Yes
R
Red Hat
freeglut: memory leak via glutAddSubMenu() function
vendor_redhat·2024-02-12·CVSS 7.5
CVE-2024-24258 [HIGH] CWE-401 freeglut: memory leak via glutAddSubMenu() function
freeglut: memory leak via glutAddSubMenu() function
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
A memory leak flaw was found in the glutAddSubMenu function of freeglut, an open-source alternative to the OpenGL Utility Toolkit. This flaw allows an attacker to launch a denial of service attack by crashing or hanging the program or taking advantage of other unexpected program behavior resulting from a low memory condition.
Statement: The flaw allows an attacker to potentially cause a denial of service attack by crashing a program, but the impact is minimal.
Package: freeglut (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2024-24258: freeglut - freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variabl...
vendor_debian·2024·CVSS 7.5
CVE-2024-24258 [HIGH] CVE-2024-24258: freeglut - freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variabl...
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-vrhp-w2wh-93c3: mupdf v1
ghsa_unreviewed·2024-02-05
CVE-2024-24258 [HIGH] CWE-401 GHSA-vrhp-w2wh-93c3: mupdf v1
mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
OSV
CVE-2024-24258: freeglut 3
osv·2024-02-05·CVSS 7.5
CVE-2024-24258 [HIGH] CVE-2024-24258: freeglut 3
freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/freeglut/freeglut/pull/155https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.mdhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/https://github.com/freeglut/freeglut/pull/155https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.mdhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/https://lists.fedoraproject.org/archives/list/[email protected]/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/
2024-02-05
Published