CVE-2024-25143

{"id": "CVE-2024-25143", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security@liferay.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-02-07T15:15:08.907", "references": [{"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143", "source": "security@liferay.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security@liferay.com", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The Document and Media widget In Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images."}, {"lang": "es", "value": "Document and Media widget In Liferay Portal 7.2.0 a 7.3.6 y versiones anteriores no compatibles, y Liferay DXP 7.3 anteriores al service pack 3, 7.2 anteriores al fix pack 13 y versiones anteriores no compatibles, no limita el consumo de recursos al generar una vista previa image, que permite a los usuarios autenticados remotamente provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de im\u00e1genes PNG manipuladas."}], "lastModified": "2024-02-07T17:04:54.407", "sourceIdentifier": "security@liferay.com"}