{"id":"CVE-2021-39912","details":"A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.","aliases":["BIT-gitlab-2021-39912"],"modified":"2026-04-10T04:37:33.179356Z","published":"2021-11-05T00:15:11.287Z","references":[{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39912.json"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/341363"},{"type":"REPORT","url":"https://hackerone.com/reports/1330882"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"036576a25d67513637c1e2cba5859af47695188e"},{"fixed":"9ed95b96a6766af9336048a63a29b678f88a9413"},{"introduced":"036576a25d67513637c1e2cba5859af47695188e"},{"fixed":"9ed95b96a6766af9336048a63a29b678f88a9413"},{"introduced":"dec73e99fddac59c0bf816dc4bffd2a30abae6de"},{"fixed":"3e776d83389c706fb81973736e57ca6a6fb952fc"},{"introduced":"dec73e99fddac59c0bf816dc4bffd2a30abae6de"},{"fixed":"3e776d83389c706fb81973736e57ca6a6fb952fc"},{"introduced":"19c719febd74b6edf549bf6a2c0e36bf8f176d56"},{"fixed":"abc23a14bace184532d1d344c4d230d9fc99eba6"},{"introduced":"19c719febd74b6edf549bf6a2c0e36bf8f176d56"},{"fixed":"abc23a14bace184532d1d344c4d230d9fc99eba6"}],"database_specific":{"versions":[{"introduced":"13.7.0"},{"fixed":"14.2.6"},{"introduced":"13.7.0"},{"fixed":"14.2.6"},{"introduced":"14.3.0"},{"fixed":"14.3.4"},{"introduced":"14.3.0"},{"fixed":"14.3.4"},{"introduced":"14.4.0"},{"fixed":"14.4.1"},{"introduced":"14.4.0"},{"fixed":"14.4.1"}]}}],"versions":["v14.3.0-ee","v14.3.2-ee","v14.3.3-ee","v14.4.0-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39912.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}