1.138.0
cf-buildpacks-eng released this 10 Sep 15:41
Notably, this release addresses:
USN-6997-1 LibTIFF vulnerability:
- CVE-2024-7006:
A null pointer dereference flaw was found in Libtiff via tif_dirinfo.c.
This issue may allow an attacker to trigger memory allocation failures
through certain means, such as restricting the heap space size or injecting
faults, causing a segmentation fault. This can cause an application crash,
eventually leading to a denial of service.