Key Information

Vulnerability Description
Name: CVE-2024-7006
Public Disclosure Date: July 19, 2024
Last Updated: August 8, 2024
Severity: Medium
Description: A null pointer dereference flaw in libtiff. By using specific techniques, such as limiting heap space size or injecting faults, an attacker can trigger a memory allocation failure, leading to an application crash and ultimately a denial of service.

Vulnerability Impact
Affected Packages and Red Hat Security Patches:
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise Linux 8
- Red Hat Enterprise Linux 9
- Status: Affected
- Patch: Available

CVSS Score
CVSS v3 Base Score: 6.2
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality Impact: None
Integrity Impact: None
Availability Impact: High

Acknowledgments
Thanks to Xu Chang (N/A) for reporting this issue.

Frequently Asked Questions
- Why does Red Hat's CVSS v3 score or impact differ from other vendors?
- My product is listed as "Under Investigation" or "Affected". When will Red Hat release a fix for this vulnerability?
- If my product is listed as "Not Fixed", what should I do?
- What are mitigations?
- I have a Red Hat product, but it's not listed above. Is it affected?
- Why is my security scanner flagging my product as affected by this vulnerability, even though my product version is patched or not affected?
- My product is listed as "Out of Support". What does this mean?

Additional Information
Disclaimer: This page was automatically generated and has not been checked for errors or omissions. For questions or corrections, please contact the Red Hat Product Security Team.
Copyright: CVE description copyright © 2021