Upgrade AlmaLinux:8 container-tools:rhel8/aardvark-dns to version 2:1.10.0-1.module_el8.10.0+3858+6ad51f9f or higher. This issue was patched in ALSA-2024:6969 .

CVE-2024-24784 in container-tools:rhel8/aardvark-dns | CVE-2024-24784

Threat Intelligence

0.86% (83^rd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Improper Input Validation vulnerabilities in an interactive lesson.

Start learning

Snyk IDSNYK-DEBIANUNSTABLE-TIFF-405762
published26 Jul 2017
disclosed26 Jul 2017

Report a new vulnerability Found a mistake?

Introduced: 26 Jul 2017

CVE-2017-11613 (opens in a new tab) CWE-20 (opens in a new tab)

How to fix?

Upgrade Debian:unstable tiff to version 4.0.9-5 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream tiff package and not the tiff package as distributed by Debian. See How to fix? for Debian:unstable relevant fixed versions and status.

In LibTIFF 4.0.8, there is a denial of service vulnerability in the TIFFOpen function. A crafted input will lead to a denial of service attack. During the TIFFOpen process, td_imagelength is not checked. The value of td_imagelength can be directly controlled by an input file. In the ChopUpSingleUncompressedStrip function, the _TIFFCheckMalloc function is called based on td_imagelength. If we set the value of td_imagelength close to the amount of system memory, it will hang the system or trigger the OOM killer.

Improper Input Validation Affecting tiff package, versions <4.0.9-5

Severity