libvips 8.6.0

CPE Details

libvips 8.6.0
libvips
libvips
8.6.0
2023-09-29
09h18 +00:00
2023-09-29
09h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libvips:libvips:8.6.0:-:*:*:*:*:*:*

Informations

Vendor

libvips

Product

libvips

Version

8.6.0

Update

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2020-20739 2020-11-20 17h16 +00:00 im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
5.3
Medium
CVE-2019-17534 2019-10-12 23h59 +00:00 vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
8.8
High
CVE-2019-6976 2019-01-26 22h00 +00:00 libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
5.3
Medium
CVE-2018-7998 2018-03-09 18h00 +00:00 In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.
7.5
High