
CVE-2019-6976

Published: 26/01/2019 Updated: 29/09/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

libvips prior to 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
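The allocation pattern the summary describes, reduced to a small C model with the non-zeroing allocation beside the zeroing one. This is an added example, not libvips code: the arena and the names `alloc_raw`, `alloc_zeroed`, `decode` and `leaked_bytes` are hypothetical, and the secret and truncated input are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a heap whose bytes are reused without being cleared. */
static unsigned char arena[64];
static size_t arena_used;

/* Allocation without clearing: the caller sees whatever was there before. */
static unsigned char *alloc_raw(size_t n) {
    if (n > sizeof arena - arena_used) return NULL;
    unsigned char *p = arena + arena_used;
    arena_used += n;
    return p;
}

/* Hardened form: same allocation, zero-filled before it is handed out. */
static unsigned char *alloc_zeroed(size_t n) {
    unsigned char *p = alloc_raw(n);
    if (p) memset(p, 0, n);
    return p;
}

/* Toy decoder: the header promised out_len pixels, the corrupted input only
   carries in_len of them, so pixels past in_len are never written. */
static const unsigned char *decode(const unsigned char *in, size_t in_len,
                                   size_t out_len, int zeroed) {
    unsigned char *out = zeroed ? alloc_zeroed(out_len) : alloc_raw(out_len);
    if (!out) return NULL;
    memcpy(out, in, in_len < out_len ? in_len : out_len);
    return out; /* the whole out_len buffer becomes the output image */
}

/* Earlier request leaves a secret behind; count its bytes in the decoded image. */
size_t leaked_bytes(int zeroed) {
    static const char secret[] = "session=CONSTRUCTED-SECRET"; /* constructed */
    static const unsigned char truncated[4] = {1, 2, 3, 4};    /* constructed */
    size_t n = sizeof secret - 1, leaked = 0;
    arena_used = 0;
    memcpy(alloc_raw(n), secret, n); /* earlier request's data */
    arena_used = 0;                  /* released, not wiped */
    const unsigned char *img = decode(truncated, sizeof truncated, n, zeroed);
    for (size_t i = sizeof truncated; i < n; i++) leaked += (img[i] == (unsigned char)secret[i]);
    return leaked;
}

int main(void) {
    printf("raw: %zu leaked, zeroed: %zu leaked\n", leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

With the zeroing allocator the unwritten pixels come out as zeros, so a corrupted upload yields a blank region instead of prior memory contents.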

Vulnerable Product

libvips libvips

Github Repositories

This repo describes how to set up a test environment with a vulnerable libvips application, to test the entropy calculator UploadScanner addon.

Testing environment for CVE-2019-6976

This repository contains all the files and information to set up an environment with the vulnerable libvips library to play around with CVE-2019-6976. The main purpose of this image is to provide a testing environment for the entropy calculator Upload Scanner addon (github.com/Tare05/upload-scanner/tree/entropy).

Set up

You can use