CVE-2024-25143

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 7, 2024
CWE ID 400

Summary

CVE-2024-25143 is a denial-of-service vulnerability affecting Liferay Portal versions 7.2.0 through 7.3.6, and older unsupported versions, as well as Liferay DXP versions 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions. This issue arises from the Document and Media widget, which fails to limit resource consumption when generating a preview image. Maliciously crafted PNG images can be used by remote, authenticated users to cause excessive memory consumption, resulting in a denial-of-service condition.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share