Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
libvips vulnerabilities and exploits
(subscribe to this query)
5.3
CVSSv3
CVE-2019-6976
libvips prior to 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
Libvips Libvips
1 Github repository
8.8
CVSSv3
CVE-2019-17534
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips prior to 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
Libvips Libvips
5.5
CVSSv3
CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when ...
Libvips Libvips
6.5
CVSSv3
CVE-2021-27847
Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.
Libvips Libvips 8.10.5
7.5
CVSSv3
CVE-2018-7998
In libvips prior to 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occur...
Libvips Libvips
Debian Debian Linux 7.0
5.3
CVSSv3
CVE-2020-20739
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips prior to 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
Libvips Libvips
Debian Debian Linux 9.0
Fedoraproject Fedora 32
NA
CVE-2010-3364
The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
Vips Vips 7.22.2
5.5
CVSSv3
CVE-2021-45928
libjxl b02d6b9, as used in libvips 8.11 up to and including 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).
Libjxl Project Libjxl
9.8
CVSSv3
CVE-2022-24720
image_processing is an image processing wrapper for libvips and ImageMagick/GraphicsMagick. Prior to version 1.12.2, using the `#apply` method from image_processing to apply a series of operations that are coming from unsanitized user input allows the malicious user to execute sh...
Image Processing Project Image Processing
Debian Debian Linux 11.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
administrator privileges
CVE-2024-1579
hardcoded
CVE-2023-20198
CVE-2024-33587
CVE-2024-33449
CVE-2024-4308
HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started