CVE-2024-38806
PUBLISHED
CVSS 7.5 HIGH
A segmentation fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted TIFF file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service.
EPSS 0.03% · 9.3th percentile
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.03%
9.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat AI Inference Server 3.2 | sha256:bddcf7ab6d576572b6d60822c313ffebcd9869e4fde93e32ac327821f93cf32b, sha256:dcb9d1cd005c40b6db6f893e56419e383b9dcc0d38315605cb1457e2af5354f7, sha256:54616c9f3e4d27120504b0b2020432ef3ff85286a50de7be842f05df0cfcd69e |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat AI Inference Server 3.3 | sha256:be6d568f28044533e4ad80f0856407c359e2eaf31a6b89cada433e6575d2300e |
| Red Hat | Red Hat AI Inference Server 3.2 | sha256:14e32e88f1b89f59ed34a6d712746b82a6a54c6ed4727784f18aeff853abbdc7 |
| Red Hat | Red Hat AI Inference Server 3.3 | * |
| Red Hat | Red Hat Enterprise Linux 9 | * |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat AI Inference Server 3.2 | sha256:7856bdb7ae0d643a7b9362c164d4d4fe3c0c7186f5fff73a7ae9835b3df52e57, sha256:53007894763e03f609c35c727cb738db3c2130b19fa0e1069c24240e0870fb7a |
| Red Hat | Red Hat AI Inference Server 3.3 | sha256:0ec114881d9dcd28a5dbbb2ec0ea1301ad87d5ae133121ce8167ef29d19802cc |
| Red Hat | Red Hat Enterprise Linux 10.0 Extended Update Support | 0:4.6.0-6.el10_0.2 |
| Red Hat | Red Hat Enterprise Linux 10 | 0:4.6.0-6.el10_1.2 |
| Red Hat | Red Hat Enterprise Linux 8 | |
| Red Hat | Red Hat Discovery 2 | * |
| Red Hat | Red Hat Enterprise Linux 8 | * |
| Red Hat | Red Hat Enterprise Linux 9.6 Extended Update Support | 0:4.4.0-13.el9_6.3 |
Exploit Intelligence
- A poc for Bootstrap XSS(CVE-2024-6485、CVE-2016-10735、CVE-2019-8331、CVE-2018-14040) (github-poc)
- sample exploit of buffer overflow in libpng (github-poc)
…and 231 more exploits
Timeline
- Oct 5, 2023 PoC Published
- Jan 25, 2024 PoC Published
- Feb 18, 2024 PoC Published
- May 22, 2024 PoC Published
- Jul 3, 2024 PoC Published
- Jul 18, 2024 CVE Published
- Jul 19, 2024 EPSS Score
- Aug 2, 2024 CVE Updated
- Aug 10, 2024 EPSS Score
- Aug 31, 2024 EPSS Score
- Sep 22, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
References
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24838 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24848 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24845 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24840 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24850 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24837 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24836 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24844 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24842 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24843 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24839 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24841 advisory
- https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24827 advisory
- RHSA-2024:5079 vendor-advisory
- RHSA-2025:20801 vendor-advisory
- RHSA-2025:21994 vendor-advisory
- RHSA-2025:23078 vendor-advisory
- RHSA-2025:23079 vendor-advisory
- RHSA-2025:23080 vendor-advisory
- RHSA-2026:3461 vendor-advisory
…and 30 more