{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6716", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-07-12T18:12:59.781Z", "datePublished": "2024-07-15T14:43:52.638Z", "dateUpdated": "2024-09-04T13:58:43.119Z", "dateRejected": "2024-09-04T13:58:43.119Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Invalid security issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-04T13:58:43.119Z"}}}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6716", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "REJECTED", "assignerShortName": "redhat", "dateReserved": "2024-07-12T18:12:59.781Z", "datePublished": "2024-07-15T14:43:52.638Z", "dateUpdated": "2024-09-04T13:58:43.119Z", "dateRejected": "2024-09-04T13:58:43.119Z"}, "containers": {"cna": {"rejectedReasons": [{"lang": "en", "value": "Invalid security issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-09-04T13:58:43.119Z"}}}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: Invalid security issue."}], "id": "CVE-2024-6716", "lastModified": "2024-09-04T14:15:14.457", "metrics": {}, "published": "2024-07-15T15:15:10.900", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "libtiff: Out-of-memory issue in TIFFReadEncodedStrip() may lead to Denial of Service", "id": "2297636", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2297636"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-400", "details": ["A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service.", "A flaw was found in the libtiff library. An out-of-memory issue in the TIFFReadEncodedStrip function can be triggered when processing a crafted TIFF file, allowing attackers to perform memory allocation of arbitrary sizes, resulting in a denial of service."], "mitigation": {"lang": "en:us", "value": "Do not parse TIFF files from untrusted or malicious sources."}, "name": "CVE-2024-6716", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "compat-libtiff3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mingw-libtiff", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libtiff", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-31T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-6716\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-6716\nhttps://gitlab.com/libtiff/libtiff/-/issues/620"], "statement": "This issue can be triggered by the TIFFReadFromUserBuffer function. An application that does not use this function is not vulnerable to this vulnerability.", "threat_severity": "Moderate"}