The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.
References
Link | Resource |
---|---|
https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143 | Mitigation Vendor Advisory |
History
07 Nov 2024, 20:55
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:liferay:digital_experience_platform:7.3:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_1:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_10:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_12:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_6:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_9:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_8:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_5:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_4:*:*:*:*:*:* cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_3:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_7:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.3:-:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_2:*:*:*:*:*:* cpe:2.3:a:liferay:digital_experience_platform:7.2:fix_pack_11:*:*:*:*:*:* |
First Time | Liferay, Liferay liferay Portal, Liferay digital Experience Platform |
References | https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143 - Mitigation, Vendor Advisory |
02 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-770 |
07 Feb 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-02-07 15:15
Updated : 2024-11-07 20:55
NVD link : CVE-2024-25143
Mitre link : CVE-2024-25143
CVE.ORG link : CVE-2024-25143
Products Affected
liferay
- liferay_portal
- digital_experience_platform
CWE
CWE-770
Allocation of Resources Without Limits or Throttling