Advisories » MGASA-2024-0287

Updated libtiff packages fix security vulnerability

Publication date: 10 Sep 2024
Modification date: 10 Sep 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-7006

Description

A null pointer dereference flaw was found in Libtiff via
`tif_dirinfo.c`. This issue may allow an attacker to trigger memory
allocation failures through certain means, such as restricting the heap
space size or injecting faults, causing a segmentation fault. This can
cause an application crash, eventually leading to a denial of service.
(CVE-2024-7006)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33538
• https://lists.suse.com/pipermail/sle-updates/2024-September/036754.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7006

SRPMS

9/core

• libtiff-4.5.1-1.5.mga9