Findings for Container Security, Medium, [TheRedHatter/javagoof:Dockerfile]:Resource Exhaustion
Created by: armorcodegithubpreprod[bot]
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): <4.0.8-2+deb9u4
- Vulnerable Path: null
NVD Description
Note: Versions mentioned in the description apply to the upstream tiff package. See How to fix? for Debian:9 relevant versions.
In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the TIFFSetDirectory function of tif_dir.c. Remote attackers could leverage this vulnerability to cause a denial of service via a crafted tif file. This occurs because the declared number of directory entries is not validated against the actual number of directory entries.
Origin : null Type : null Image Id : null
Snyk Project Status: Active
Component Details
- Exploit Maturity: no-known-exploit
- Vulnerable Package: -
- Current Version: -
- Vulnerable Version(s): <2.40.21-0+deb9u1
- Vulnerable Path: null
NVD Description
Note: Versions mentioned in the description apply to the upstream librsvg package. See How to fix? for Debian:9 relevant versions.
In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so that the number of final rendered objects grows exponentially.
Origin : null Type : null Image Id : null
Snyk Project Status: Active