The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Liferay
Published: 2024-02-07T14:45:04.168Z
Updated: 2024-08-19T20:07:09.484Z
Reserved: 2024-02-06T10:32:42.566Z
Link: CVE-2024-25143
Vulnrichment
Updated: 2024-08-01T23:36:21.826Z
NVD
Status : Awaiting Analysis
Published: 2024-02-07T15:15:08.907
Modified: 2024-02-07T17:04:54.407
Link: CVE-2024-25143
Redhat
No data.