cve-2024-7006
Vulnerability from cvelistv5
Published
2024-08-08 20:49
Modified
2025-01-09 19:19
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS score ?
0.98% (0.74777)
Summary
A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:6360Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8833
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:8914
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2024-7006Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2302996Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240920-0001/
Impacted products
Vendor Product Version
Red Hat Red Hat Enterprise Linux 8 Unaffected: 0:4.0.9-33.el8_10   < *
    cpe:/a:redhat:enterprise_linux:8::appstream
    cpe:/a:redhat:enterprise_linux:8::crb
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9 Unaffected: 0:4.4.0-12.el9_4.1   < *
    cpe:/a:redhat:enterprise_linux:9::crb
    cpe:/a:redhat:enterprise_linux:9::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support Unaffected: 0:4.4.0-8.el9_2.1   < *
    cpe:/a:redhat:rhel_eus:9.2::crb
    cpe:/a:redhat:rhel_eus:9.2::appstream
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
 Create a notification for this product.
   Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-7006",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-08-09T15:35:30.347219Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-09T19:19:31.059Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-09-20T16:03:14.114Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  url: "https://security.netapp.com/advisory/ntap-20240920-0001/",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:8::appstream",
                  "cpe:/a:redhat:enterprise_linux:8::crb",
               ],
               defaultStatus: "affected",
               packageName: "libtiff",
               product: "Red Hat Enterprise Linux 8",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.0.9-33.el8_10",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:enterprise_linux:9::crb",
                  "cpe:/a:redhat:enterprise_linux:9::appstream",
               ],
               defaultStatus: "affected",
               packageName: "libtiff",
               product: "Red Hat Enterprise Linux 9",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.4.0-12.el9_4.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/a:redhat:rhel_eus:9.2::crb",
                  "cpe:/a:redhat:rhel_eus:9.2::appstream",
               ],
               defaultStatus: "affected",
               packageName: "libtiff",
               product: "Red Hat Enterprise Linux 9.2 Extended Update Support",
               vendor: "Red Hat",
               versions: [
                  {
                     lessThan: "*",
                     status: "unaffected",
                     version: "0:4.4.0-8.el9_2.1",
                     versionType: "rpm",
                  },
               ],
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:6",
               ],
               defaultStatus: "unknown",
               packageName: "libtiff",
               product: "Red Hat Enterprise Linux 6",
               vendor: "Red Hat",
            },
            {
               collectionURL: "https://access.redhat.com/downloads/content/package-browser/",
               cpes: [
                  "cpe:/o:redhat:enterprise_linux:7",
               ],
               defaultStatus: "unknown",
               packageName: "libtiff",
               product: "Red Hat Enterprise Linux 7",
               vendor: "Red Hat",
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Red Hat would like to thank Xu Chang (N/A) for reporting this issue.",
            },
         ],
         datePublic: "2024-07-19T00:00:00+00:00",
         descriptions: [
            {
               lang: "en",
               value: "A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.",
            },
         ],
         metrics: [
            {
               other: {
                  content: {
                     namespace: "https://access.redhat.com/security/updates/classification/",
                     value: "Moderate",
                  },
                  type: "Red Hat severity rating",
               },
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.1",
               },
               format: "CVSS",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-476",
                     description: "NULL Pointer Dereference",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-11-15T19:41:22.455Z",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "RHSA-2024:6360",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:6360",
            },
            {
               name: "RHSA-2024:8833",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:8833",
            },
            {
               name: "RHSA-2024:8914",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2024:8914",
            },
            {
               tags: [
                  "vdb-entry",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/security/cve/CVE-2024-7006",
            },
            {
               name: "RHBZ#2302996",
               tags: [
                  "issue-tracking",
                  "x_refsource_REDHAT",
               ],
               url: "https://bugzilla.redhat.com/show_bug.cgi?id=2302996",
            },
         ],
         timeline: [
            {
               lang: "en",
               time: "2024-08-05T22:40:16.777000+00:00",
               value: "Reported to Red Hat.",
            },
            {
               lang: "en",
               time: "2024-07-19T00:00:00+00:00",
               value: "Made public.",
            },
         ],
         title: "Libtiff: null pointer dereference in tif_dirinfo.c",
         workarounds: [
            {
               lang: "en",
               value: "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
            },
         ],
         x_redhatCweChain: "CWE-476: NULL Pointer Dereference",
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2024-7006",
      datePublished: "2024-08-08T20:49:45.373Z",
      dateReserved: "2024-07-23T00:57:17.777Z",
      dateUpdated: "2025-01-09T19:19:31.059Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.5.1\", \"versionEndIncluding\": \"4.6.0\", \"matchCriteriaId\": \"990756E5-66EA-41E0-8C61-0BF877443C50\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2D1E1C3E-0188-43C3-8911-858B5D7A2965\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"71DDE212-1018-4554-9C06-4908442DE134\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F32CA554-F9D7-425B-8F1C-89678507F28C\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 una falla de desreferencia de puntero nulo en Libtiff a trav\\u00e9s de `tif_dirinfo.c`. Este problema puede permitir que un atacante desencadene fallas de asignaci\\u00f3n de memoria a trav\\u00e9s de ciertos medios, como restringir el tama\\u00f1o del espacio del mont\\u00f3n o inyectar fallas, lo que provoca una falla de segmentaci\\u00f3n. Esto puede provocar un fallo de la aplicaci\\u00f3n y, en \\u00faltima instancia, provocar una denegaci\\u00f3n de servicio.\"}]",
         id: "CVE-2024-7006",
         lastModified: "2024-11-21T09:50:44.560",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
         published: "2024-08-12T13:38:40.577",
         references: "[{\"url\": \"https://access.redhat.com/errata/RHSA-2024:6360\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8833\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8914\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-7006\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2302996\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20240920-0001/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "secalert@redhat.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-476\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2024-7006\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2024-08-12T13:38:40.577\",\"lastModified\":\"2024-11-21T09:50:44.560\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.\"},{\"lang\":\"es\",\"value\":\"Se encontró una falla de desreferencia de puntero nulo en Libtiff a través de `tif_dirinfo.c`. Este problema puede permitir que un atacante desencadene fallas de asignación de memoria a través de ciertos medios, como restringir el tamaño del espacio del montón o inyectar fallas, lo que provoca una falla de segmentación. Esto puede provocar un fallo de la aplicación y, en última instancia, provocar una denegación de servicio.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-476\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.5.1\",\"versionEndIncluding\":\"4.6.0\",\"matchCriteriaId\":\"990756E5-66EA-41E0-8C61-0BF877443C50\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D1E1C3E-0188-43C3-8911-858B5D7A2965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"71DDE212-1018-4554-9C06-4908442DE134\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F32CA554-F9D7-425B-8F1C-89678507F28C\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/errata/RHSA-2024:6360\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8833\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2024:8914\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2024-7006\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2302996\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240920-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
      vulnrichment: {
         containers: "{\"cna\": {\"title\": \"Libtiff: null pointer dereference in tif_dirinfo.c\", \"metrics\": [{\"other\": {\"content\": {\"value\": \"Moderate\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}, \"type\": \"Red Hat severity rating\"}}, {\"cvssV3_1\": {\"attackComplexity\": \"LOW\", \"attackVector\": \"NETWORK\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"scope\": \"UNCHANGED\", \"userInteraction\": \"NONE\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"version\": \"3.1\"}, \"format\": \"CVSS\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.\"}], \"affected\": [{\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 8\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"libtiff\", \"defaultStatus\": \"affected\", \"versions\": [{\"version\": \"0:4.0.9-33.el8_10\", \"lessThan\": \"*\", \"versionType\": \"rpm\", \"status\": \"unaffected\"}], \"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\", \"cpe:/a:redhat:enterprise_linux:8::crb\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"libtiff\", \"defaultStatus\": \"affected\", \"versions\": [{\"version\": \"0:4.4.0-12.el9_4.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\", \"status\": \"unaffected\"}], \"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::crb\", \"cpe:/a:redhat:enterprise_linux:9::appstream\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 9.2 Extended Update Support\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"libtiff\", \"defaultStatus\": \"affected\", \"versions\": [{\"version\": \"0:4.4.0-8.el9_2.1\", \"lessThan\": \"*\", \"versionType\": \"rpm\", \"status\": \"unaffected\"}], \"cpes\": [\"cpe:/a:redhat:rhel_eus:9.2::crb\", \"cpe:/a:redhat:rhel_eus:9.2::appstream\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"libtiff\", \"defaultStatus\": \"unknown\", \"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"]}, {\"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 7\", \"collectionURL\": \"https://access.redhat.com/downloads/content/package-browser/\", \"packageName\": \"libtiff\", \"defaultStatus\": \"unknown\", \"cpes\": [\"cpe:/o:redhat:enterprise_linux:7\"]}], \"references\": [{\"url\": \"https://access.redhat.com/errata/RHSA-2024:6360\", \"name\": \"RHSA-2024:6360\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8833\", \"name\": \"RHSA-2024:8833\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2024:8914\", \"name\": \"RHSA-2024:8914\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2024-7006\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2302996\", \"name\": \"RHBZ#2302996\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}], \"datePublic\": \"2024-07-19T00:00:00+00:00\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-476\", \"description\": \"NULL Pointer Dereference\", \"lang\": \"en\", \"type\": \"CWE\"}]}], \"x_redhatCweChain\": \"CWE-476: NULL Pointer Dereference\", \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2024-08-05T22:40:16.777000+00:00\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2024-07-19T00:00:00+00:00\", \"value\": \"Made public.\"}], \"credits\": [{\"lang\": \"en\", \"value\": \"Red Hat would like to thank Xu Chang (N/A) for reporting this issue.\"}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2024-11-15T19:41:22.455Z\"}}, \"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://security.netapp.com/advisory/ntap-20240920-0001/\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-09-20T16:03:14.114Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-7006\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-09T15:35:30.347219Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-09T15:35:36.766Z\"}}]}",
         cveMetadata: "{\"cveId\": \"CVE-2024-7006\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"redhat\", \"dateReserved\": \"2024-07-23T00:57:17.777Z\", \"datePublished\": \"2024-08-08T20:49:45.373Z\", \"dateUpdated\": \"2025-01-09T19:19:31.059Z\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.