Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998) It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976) It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739) It was discovered that VIPS could be made to divide by zero in multiple funcions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847) It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)
Continue reading...
Continue reading...
