1. Home
  2. Vulnerabilities
  3. CVE-2024-25143

CVE-2024-25143

CVSS v3.1 6.5 (Medium)
65% Progress
EPSS 0.05 % (18th)
0.05% Progress
Advisories 1
Info CVSS EPSS CAPEC References Security Advisories Packages & Software Graph Web & Social Timeline

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

Weaknesses
CWE-400
Uncontrolled Resource Consumption
CVE Status
PUBLISHED
CNA
Liferay Inc.
Published Date
2024-02-07 15:15:08
(7 months ago)
Updated Date
2024-02-07 17:04:54
(7 months ago)