Vulnerabilities (CVE)

Filtered by vendor Libvips Project Subscribe

Filtered by product Libvips

CVSS v3 Filter

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 2 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2019-17534	1 Libvips Project	1 Libvips	2019-10-17	6.8 MEDIUM	8.8 HIGH
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
CVE-2018-7998	2 Debian, Libvips Project	2 Debian Linux, Libvips	2018-03-27	5.1 MEDIUM	7.5 HIGH
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.