Nixpkgs Security Tracker

Untriaged

Permalink CVE-2024-7006

6.2 MEDIUM

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): NONE
Integrity impact (I): NONE
Availability impact (A): HIGH

created 6 months, 1 week ago

Libtiff: null pointer dereference in tif_dirinfo.c

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

References

https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
https://security.netapp.com/advisory/ntap-20240920-0001/
RHBZ#2302996 issue-tracking x_refsource_REDHAT
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
https://security.netapp.com/advisory/ntap-20240920-0001/
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html
RHSA-2024:6360 x_refsource_REDHAT vendor-advisory
RHSA-2024:8833 x_refsource_REDHAT vendor-advisory
RHSA-2024:8914 x_refsource_REDHAT vendor-advisory
https://access.redhat.com/security/cve/CVE-2024-7006 x_refsource_REDHAT vdb-entry
RHBZ#2302996 issue-tracking x_refsource_REDHAT
https://security.netapp.com/advisory/ntap-20240920-0001/
https://lists.debian.org/debian-lts-announce/2025/01/msg00019.html

Affected products

libtiff

==4.0.9
==4.4.0
*

Matching in nixpkgs

pkgs.libtiff

Library and utilities for working with the TIFF image file format

nixos-unstable -
- nixpkgs-unstable 4.7.0

Package maintainers

@sikmir Nikolay Korotkiy <sikmir@disroot.org>
@nh2 Niklas Hambüchen <mail@nh2.me>
@autra Augustin Trancart <augustin.trancart@gmail.com>
@willcohen Will Cohen
@l0b0 Victor Engmark <victor@engmark.name>
@nialov Nikolas Ovaskainen <nikolasovaskainen@gmail.com>
@imincik Ivan Mincik <ivan.mincik@gmail.com>

Suggestion detail

References

Affected products

Matching in nixpkgs

pkgs.libtiff

Package maintainers