Vulnerabilities > CVE-2018-7998 - NULL Pointer Dereference vulnerability in multiple products
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
| NASL family | Debian Local Security Checks |
| NASL id | DEBIAN_DLA-1306.NASL |
| description | It was discovered that there was NULL function pointer dereference vulnerability in vips, an image processing system for very large images. Remote attackers could cause a denial of service via a specially crafted image file which occurred due to a race condition involving a failed image load and other worker threads. For Debian 7 |
| last seen | 2020-03-17 |
| modified | 2018-03-12 |
| plugin id | 107278 |
| published | 2018-03-12 |
| reporter | This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/107278 |
| title | Debian DLA-1306-1 : vips security update |