CVE-2024-24259
published 2024-02-05CVE-2024-24259: freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
PriorityP335high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.15%
62.8th percentile
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| artifex | mupdf | — | — |
| debian | freeglut | — | — |
| msrc | azl3_freeglut_3.4.0-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5LOW
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Freeglut vulnerabilities
vendor_ubuntu·2025-11-17
CVE-2024-24258 Freeglut vulnerabilities
Title: Freeglut vulnerabilities
Summary: Several security issues were fixed in Freeglut.
It was discovered that Freeglut incorrectly managed memory, resulting in a
memory leak. An attacker could possibly use this issue to cause a denial of
service.
Instructions: In general, a standard system update will make all the necessary changes.
Microsoft
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
vendor_msrc·2024-02-13·CVSS 7.5
CVE-2024-24259 [HIGH] CWE-401 freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitre: mitre
Customer Action Requir
Red Hat
freeglut: memory leak via glutAddMenuEntry() function
vendor_redhat·2024-02-12·CVSS 7.5
CVE-2024-24259 [HIGH] CWE-401 freeglut: memory leak via glutAddMenuEntry() function
freeglut: memory leak via glutAddMenuEntry() function
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
A memory leak flaw was found in the glutAddMenuEntry function of freeglut, an open-source alternative to the OpenGL Utility Toolkit. This issue may allow an attacker to launch a denial of service attack by crashing or hanging the program or take advantage of other unexpected program behavior resulting from a low memory condition.
Statement: The flaw allows an attacker to potentially cause a denial of service attack by crashing a program, but the impact is minimal.
Package: freeglut (Red Hat Enterprise Linux 7) - Out of support scope
Debian
CVE-2024-24259: freeglut - freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry...
vendor_debian·2024·CVSS 7.5
CVE-2024-24259 [HIGH] CVE-2024-24259: freeglut - freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry...
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
GHSA
GHSA-6h6q-fm45-w3hv: mupdf v1
ghsa_unreviewed·2024-02-05
CVE-2024-24259 [HIGH] CWE-401 GHSA-6h6q-fm45-w3hv: mupdf v1
mupdf v1.23.9 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
OSV
CVE-2024-24259: freeglut through 3
osv·2024-02-05·CVSS 7.5
CVE-2024-24259 [HIGH] CVE-2024-24259: freeglut through 3
freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/freeglut/freeglut/pull/155https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.mdhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/https://github.com/freeglut/freeglut/pull/155https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.mdhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/https://lists.fedoraproject.org/archives/list/[email protected]/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/
2024-02-05
Published