Vulnerabilities > CVE-2020-20739 - Missing Initialization of Resource vulnerability in multiple products

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

NVD

Published: 2020-11-20

Updated: 2024-02-08

Summary

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

Vulnerable Configurations

Part	Description	Count
Application	Libvips Libvips Libvips 7.28.0 Libvips Libvips 7.30.0 Libvips Libvips 8.0 Libvips Libvips 8.1 Libvips Libvips 8.2.2 Libvips Libvips 8.2.3 Libvips Libvips 8.3.0 Libvips Libvips 8.4.2 Libvips Libvips 8.4.6 Libvips Libvips 8.5.1 Libvips Libvips 8.5.2 Libvips Libvips 8.5.3 Libvips Libvips 8.5.4 Libvips Libvips 8.5.5 Libvips Libvips 8.5.6 Libvips Libvips 8.5.7 Libvips Libvips 8.5.8 Libvips Libvips 8.5.9 Libvips Libvips 8.6.0 Libvips Libvips 8.6.1 Libvips Libvips 8.6.2 Libvips Libvips 8.6.3 Libvips Libvips 8.6.4 Libvips Libvips 8.6.5 Libvips Libvips 8.7.0 Libvips Libvips 8.7.1 Libvips Libvips 8.7.2 Libvips Libvips 8.7.3 Libvips Libvips 8.7.4 Libvips Libvips 8.8.0 Libvips Libvips 8.8.1	46
OS	Debian Debian Debian Linux 9.0	1
OS	Fedoraproject Fedoraproject Fedora 32	1

Common Weakness Enumeration (CWE)

CWE-909 - Missing Initialization of Resource

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References