Lucene search

[email protected]NVD:CVE-2024-24246

HistoryFeb 29, 2024 - 8:15 p.m.

CVE-2024-24246

2024-02-2920:15:41

CWE-787

[email protected]

web.nvd.nist.gov

cve-2024-24246

qpdf

vulnerability

crash

application

std::__shared_count()

function

bits/shared_ptr_base.h

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

Affected configurations

NVD

Node

qpdf_projectqpdfMatch11.9.0

Node

fedoraprojectfedoraMatch38

fedoraprojectfedoraMatch39

fedoraprojectfedoraMatch40

References

github.com/qpdf/qpdf/issues/1123

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.3 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for NVD:CVE-2024-24246

openvas5 fedora3 osv2 nessus5 ubuntucve1 mageia1 veracode1 prion1 alpinelinux1 cve1 debiancve1 redhatcve1 ubuntu1 cvelist1