Unrated severityOSV Advisory· Published Aug 8, 2024· Updated Jan 23, 2026

Libtiff: null pointer dereference in tif_dirinfo.c

CVE-2024-7006

Description

A null pointer dereference flaw was found in Libtiff via tif_dirinfo.c. This issue may allow an attacker to trigger memory allocation failures through certain means, such as restricting the heap space size or injecting faults, causing a segmentation fault. This can cause an application crash, eventually leading to a denial of service.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

LibTIFF/LibtiffOSV2 versions
(expand)+ 1 more
- (no CPE)
- (no CPE)
osv-coords26 versions
pkg:apk/chainguard/tiff pkg:apk/chainguard/tiff-dev pkg:apk/chainguard/tiff-doc pkg:apk/wolfi/tiff pkg:apk/wolfi/tiff-dev pkg:apk/wolfi/tiff-doc pkg:rpm/almalinux/libtiff pkg:rpm/almalinux/libtiff-devel pkg:rpm/almalinux/libtiff-tools pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.5 pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/tiff&distro=openSUSE%20Leap%20Micro%205.5 pkg:rpm/opensuse/tiff&distro=openSUSE%20Tumbleweed pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.2 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.0 pkg:rpm/suse/tiff&distro=SUSE%20Linux%20Micro%206.1
< 4.7.0-r0+ 25 more
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.7.0-r0
- (no CPE)range: < 4.0.9-33.el8_10
- (no CPE)range: < 4.0.9-33.el8_10
- (no CPE)range: < 4.0.9-33.el8_10
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.6.0-150600.3.3.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.6.0-5.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.0.9-150000.45.47.1
- (no CPE)range: < 4.6.0-150600.3.3.1
- (no CPE)range: < 4.0.9-44.86.1
- (no CPE)range: < 4.0.9-44.86.1
- (no CPE)range: < 4.0.9-44.86.1
- (no CPE)range: < 4.6.0-4.1
- (no CPE)range: < 4.7.1-slfo.1.1_1.1

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

access.redhat.com/errata/RHSA-2024:6360mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:8833mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/errata/RHSA-2024:8914mitrevendor-advisoryx_refsource_REDHAT
access.redhat.com/security/cve/CVE-2024-7006mitrevdb-entryx_refsource_REDHAT
bugzilla.redhat.com/show_bug.cgimitreissue-trackingx_refsource_REDHAT

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000