CVE-2024-25143
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
Document and Media widget In Liferay Portal 7.2.0 a 7.3.6 y versiones anteriores no compatibles, y Liferay DXP 7.3 anteriores al service pack 3, 7.2 anteriores al fix pack 13 y versiones anteriores no compatibles, no limita el consumo de recursos al generar una vista previa image, que permite a los usuarios autenticados remotamente provocar una denegación de servicio (consumo de memoria) a través de imágenes PNG manipuladas.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-02-06 CVE Reserved
- 2024-02-07 CVE Published
- 2024-10-02 CVE Updated
- 2024-11-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
- CWE-770: Allocation of Resources Without Limits or Throttling
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Liferay Search vendor "Liferay" | Portal Search vendor "Liferay" for product "Portal" | >= 7.2.0 <= 7.3.6 Search vendor "Liferay" for product "Portal" and version " >= 7.2.0 <= 7.3.6" | en |
Affected
| ||||||