The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
References
Configurations
No configuration.
History
07 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 15:15
Updated : 2024-02-07 17:04
NVD link : CVE-2024-25143
Mitre link : CVE-2024-25143
CVE.ORG link : CVE-2024-25143
JSON object : View
Products Affected
No product.
CWE
CWE-400
Uncontrolled Resource Consumption