CVE-2024-7006
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Aug 12, 2024
Updated: Oct 11, 2024
CWE ID 476
Summary
CVE-2024-7006 is a newly disclosed vulnerability in Libtiff's `tif_dirinfo.c` module. This issue involves a null pointer dereference, which can be exploited by attackers to induce memory allocation failures. Possible attack methods include restricting the heap space size or injecting faults, resulting in segmentation faults. Ultimately, these vulnerabilities can cause applications utilizing Libtiff to crash, leading to a denial of service.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- LibTIFF
- Red Hat Enterprise Linux
Affected Vendors
- Red Hat
- Libtiff