Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-25143

The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.

Published

2024-02-07T15:15:08.907

Last Modified

2024-11-21T09:00:20.390

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-770
  • Type: Primary
    CWE-770
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application liferay digital_experience_platform < 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.2 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay digital_experience_platform 7.3 Yes
Application liferay liferay_portal < 7.2.0 Yes
Application liferay liferay_portal ≤ 7.2.1 Yes
Application liferay liferay_portal < 7.3.7 Yes
References