Description
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable, which may cause the leakage of a remote server path or a stack address.
References
https://github.com/libvips/libvips/issues/1419
Exploit, Issue Tracking
https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html
Mailing List, Third Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 · Medium
CVSS V3.1
Information
Source identifier
Vulnerability status
Analyzed
Published
2020-11-20T19:15:11.710
4 years ago
Last modified
2024-02-08T23:50:31.537
1 year ago