Home
MEDIUM: 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HDefault status
unaffected
11.6.0 (semver)
affected
11.5.0 (semver)
affected
11.5.0 (semver)
affected
11.4.0 (semver)
affected
10.11.0 (semver)
affected
11.7.0
unaffected
11.6.1
unaffected
11.5.3
unaffected
11.5.4
unaffected
11.4.5
unaffected
10.11.15
unaffected
Description
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.2, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate the TIFF IFD offset in the image header before allocating memory, which allows authenticated users with file upload or posting permissions to cause a denial of service (server OOM) via uploading a crafted TIFF file or posting a URL that serves one.. Mattermost Advisory ID: MMSA-2026-00648
Problem types
CWE-400 Uncontrolled Resource Consumption
Product status
11.6.0 (semver)
11.5.0 (semver)
11.5.0 (semver)
11.4.0 (semver)
10.11.0 (semver)
11.7.0
11.6.1
11.5.3
11.5.4
11.4.5
10.11.15
Credits
ZephrFish
References
mattermost.com/security-updates (MMSA-2026-00648)