CVE-2024-25143

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-25143

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-25143.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-25143

Aliases

GHSA-87m3-6qj3-p3xh

Published

2024-02-07T15:15:08Z

Modified

2024-11-08T07:56:25.242323Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

References

https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143

Affected packages

Git / github.com/liferay/liferay-portal

Affected ranges

Type: GIT
Repo: https://github.com/liferay/liferay-portal
Events: Introduced

b072f5df5544a28677824835b490ce8a867bf133

Fixed

29b73b9b896c7d44fb5d1800a402698c303d1cf6

Affected versions

7.*

7.3.0-ga1

7.3.1-ga2

7.3.2-ga3

7.3.3-ga4

7.3.4-ga5

7.3.6-ga7

Other

test-fix-pack-base-7310