Vulnerabilities > Libvips
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-11 | CVE-2023-40032 | Unspecified vulnerability in Libvips libvips is a demand-driven, horizontally threaded image processing library. | 5.5 |
2021-07-15 | CVE-2021-27847 | Divide By Zero vulnerability in Libvips 8.10.5 Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 |
2020-11-20 | CVE-2020-20739 | Missing Initialization of Resource vulnerability in multiple products im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 5.3 |
2019-10-13 | CVE-2019-17534 | Use After Free vulnerability in Libvips vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. | 8.8 |
2019-01-26 | CVE-2019-6976 | Use of Uninitialized Resource vulnerability in Libvips libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. | 5.3 |
2018-03-09 | CVE-2018-7998 | NULL Pointer Dereference vulnerability in multiple products In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. | 7.5 |