Vulnerabilities > CVE-2018-7998 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DLA-1306.NASL |
description | It was discovered that there was NULL function pointer dereference vulnerability in vips, an image processing system for very large images. Remote attackers could cause a denial of service via a specially crafted image file which occurred due to a race condition involving a failed image load and other worker threads. For Debian 7 |
last seen | 2020-03-17 |
modified | 2018-03-12 |
plugin id | 107278 |
published | 2018-03-12 |
reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/107278 |
title | Debian DLA-1306-1 : vips security update |
References
- https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
- https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
- https://github.com/jcupitt/libvips/issues/893
- https://github.com/jcupitt/libvips/issues/893
- https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html
- https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html