Vulnerabilities > Libvips

DATE CVE VULNERABILITY TITLE RISK
2023-09-11 CVE-2023-40032 Unspecified vulnerability in Libvips
libvips is a demand-driven, horizontally threaded image processing library.
local
low complexity
libvips
5.5
2021-07-15 CVE-2021-27847 Divide By Zero vulnerability in Libvips 8.10.5
Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.
network
low complexity
libvips CWE-369
6.5
2020-11-20 CVE-2020-20739 Missing Initialization of Resource vulnerability in multiple products
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
network
low complexity
libvips debian fedoraproject CWE-909
5.3
2019-10-13 CVE-2019-17534 Use After Free vulnerability in Libvips
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
network
low complexity
libvips CWE-416
8.8
2019-01-26 CVE-2019-6976 Use of Uninitialized Resource vulnerability in Libvips
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory.
network
low complexity
libvips CWE-908
5.3
2018-03-09 CVE-2018-7998 NULL Pointer Dereference vulnerability in multiple products
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file.
network
high complexity
libvips debian CWE-476
7.5