CVE-2024-7006

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 12, 2024
Updated: Oct 11, 2024
CWE ID 476

Summary

CVE-2024-7006 is a newly disclosed vulnerability in Libtiff's `tif_dirinfo.c` module. This issue involves a null pointer dereference, which can be exploited by attackers to induce memory allocation failures. Possible attack methods include restricting the heap space size or injecting faults, resulting in segmentation faults. Ultimately, these vulnerabilities can cause applications utilizing Libtiff to crash, leading to a denial of service.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • LibTIFF
  • Red Hat Enterprise Linux

Affected Vendors

  • Red Hat
  • Libtiff