CVE-2024-24246

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Feb 29, 2024

Updated: Aug 9, 2024

CWE ID 787

CWE ID 122

Summary

CVE-2024-24246 is a critical vulnerability affecting qpdf version 11.9.0. This issue involves a heap buffer overflow, enabling attackers to cause the application to crash through manipulation of the std::__shared_count() function located in /bits/shared_ptr_base.h. Successful exploitation of this vulnerability could lead to denial-of-service attacks, potentially allowing more severe consequences if further exploited. Users are strongly advised to update qpdf to a patched version as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Fedora Operating System

Affected Vendors

Fedora Project

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uRlyrj
https://www.cve.org/CVERecord?id=CVE-2024-24246
https://nvd.nist.gov/vuln/detail/CVE-2024-24246

Back to Vulnerability Database