CVE-2024-7006 - Vulnerability Details

A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00765.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Libtiff	Libtiff
Redhat	Enterprise Linux Enterprise Linux For Arm 64 Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Rhel Eus

Configuration 1 [-]

cpe:2.3:a:libtiff:libtiff:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
libtiff-0:4.0.9-33.el8_10	cpe:/a:redhat:enterprise_linux:8	RHSA-2024:8833	2024-11-05T00:00:00Z
Red Hat Enterprise Linux 9
libtiff-0:4.4.0-12.el9_4.1	cpe:/a:redhat:enterprise_linux:9	RHSA-2024:8914	2024-11-05T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
libtiff-0:4.4.0-8.el9_2.1	cpe:/a:redhat:rhel_eus:9.2	RHSA-2024:6360	2024-09-04T00:00:00Z

No data.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2024:6360
https://access.redhat.com/errata/RHSA-2024:8833
https://access.redhat.com/errata/RHSA-2024:8914
https://access.redhat.com/security/cve/CVE-2024-7006
https://bugzilla.redhat.com/show_bug.cgi?id=2302996
https://nvd.nist.gov/vuln/detail/CVE-2024-7006
https://security.netapp.com/advisory/ntap-20240920-0001/
https://www.cve.org/CVERecord?id=CVE-2024-7006

History

Wed, 16 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00765}`	epss `{'score': 0.00588}`

Tue, 03 Jun 2025 02:15:00 +0000

Type	Values Removed	Values Added
Metrics	ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`	ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Sun, 01 Jun 2025 04:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:10

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240920-0001/

Wed, 06 Nov 2024 15:00:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:9

Wed, 06 Nov 2024 09:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~	cpe:/a:redhat:enterprise_linux:9::appstream cpe:/a:redhat:enterprise_linux:9::crb
References		https://access.redhat.com/errata/RHSA-2024:8914

Wed, 06 Nov 2024 02:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:enterprise_linux:8

Tue, 05 Nov 2024 08:00:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:8~~	cpe:/a:redhat:enterprise_linux:8::appstream cpe:/a:redhat:enterprise_linux:8::crb
References		https://access.redhat.com/errata/RHSA-2024:8833

Fri, 11 Oct 2024 15:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus
CPEs	cpe:2.3:a:libtiff:libtiff:4.5.1:::::::*	cpe:2.3:a:libtiff:libtiff:::::::: cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2:::::::* cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
Vendors & Products		Redhat enterprise Linux For Arm 64 Redhat enterprise Linux For Power Little Endian Eus Redhat enterprise Linux Server Aus

Fri, 06 Sep 2024 19:30:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-754

Fri, 06 Sep 2024 13:45:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/a:redhat:rhel_eus:9.2

Wed, 04 Sep 2024 22:45:00 +0000

Type	Values Removed	Values Added
First Time appeared		Redhat rhel Eus
CPEs		cpe:/a:redhat:rhel_eus:9.2::appstream cpe:/a:redhat:rhel_eus:9.2::crb
Vendors & Products		Redhat rhel Eus
References		https://access.redhat.com/errata/RHSA-2024:6360

Tue, 03 Sep 2024 13:30:00 +0000

Type	Values Removed	Values Added
Metrics	cvssV3_1 `{'score': 6.2, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`	cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}`

Tue, 13 Aug 2024 15:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Libtiff Libtiff libtiff
Weaknesses		CWE-476
CPEs		cpe:2.3:a:libtiff:libtiff:4.5.1:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
Vendors & Products		Libtiff Libtiff libtiff

Fri, 09 Aug 2024 16:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 08 Aug 2024 21:00:00 +0000

Type	Values Removed	Values Added
Description	No description is available for this CVE.	A null pointer dereference flaw was found in Libtiff via `tif_dirinfo.c`. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.
Title	libtiff: NULL pointer dereference in tif_dirinfo.c	Libtiff: null pointer dereference in tif_dirinfo.c
First Time appeared		Redhat Redhat enterprise Linux
CPEs		cpe:/o:redhat:enterprise_linux:6 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9
Vendors & Products		Redhat Redhat enterprise Linux
References		https://access.redhat.com/security/cve/CVE-2024-7006 https://bugzilla.redhat.com/show_bug.cgi?id=2302996

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2024-08-08T20:49:45.373Z

Updated: 2025-08-30T22:47:36.920Z

Reserved: 2024-07-23T00:57:17.777Z

Link: CVE-2024-7006

Vulnrichment

Updated: 2024-09-20T16:03:14.114Z

NVD

Status : Modified

Published: 2024-08-12T13:38:40.577

Modified: 2024-11-21T09:50:44.560

Link: CVE-2024-7006

Redhat

Severity : Moderate

Publid Date: 2024-07-19T00:00:00Z

Links: CVE-2024-7006 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object