Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-40032

Published: 11/09/2023 Updated: 29/01/2024
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Libvips

Vulnerability Summary

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.

Vulnerable Product Search on Vulmon Subscribe to Product

libvips libvips

References

CWE-476https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582bhttps://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584https://github.com/libvips/libvips/pull/3604https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU2FFC47X2XDEGEHEWAGLU5L3R6FEYD2/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook