NULL Pointer Dereference Affecting tiff package, versions <4.7.0-r0
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-CHAINGUARDLATEST-TIFF-8184972
- published 12 Oct 2024
- disclosed 12 Aug 2024
Introduced: 12 Aug 2024
CVE-2024-7006 Open this link in a new tabHow to fix?
Upgrade Chainguard
tiff
to version 4.7.0-r0 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream tiff
package and not the tiff
package as distributed by Chainguard
.
See How to fix?
for Chainguard
relevant fixed versions and status.
A null pointer dereference flaw was found in Libtiff via tif_dirinfo.c
. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.