CVE-2018-7998

Source
https://cve.org/CVERecord?id=CVE-2018-7998
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7998.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-7998
Published
2018-03-09T19:29:01.070Z
Modified
2026-03-02T01:20:22.865708Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.

References

Affected packages

Git / github.com/jcupitt/libvips

Affected ranges

Type
GIT
Repo
https://github.com/jcupitt/libvips
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v7.*
v7.28.0
v7.30.0
v8.*
v8.0-beta
v8.1
v8.2.2
v8.2.3
v8.3.0
v8.4.2
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.5.9
v8.6.0
v8.6.0-alpha1
v8.6.0-alpha2
v8.6.0-alpha3
v8.6.0-alpha4
v8.6.0-alpha5
v8.6.0-beta1
v8.6.0-beta2
v8.6.1
v8.6.2

Database specific

vanir_signatures
[
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "306926423683472828317704438232217260033",
                "277502447855396680736552641980594366635",
                "60324371128634066185810503912703753954",
                "46965884156854872856711803342893603777"
            ]
        },
        "source": "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5",
        "deprecated": false,
        "id": "CVE-2018-7998-2415b40c",
        "signature_type": "Line",
        "target": {
            "file": "libvips/include/vips/foreign.h"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "length": 727.0,
            "function_hash": "218512315501625304912560481540080997760"
        },
        "source": "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5",
        "deprecated": false,
        "id": "CVE-2018-7998-6b377808",
        "signature_type": "Function",
        "target": {
            "function": "vips_foreign_load_start",
            "file": "libvips/foreign/foreign.c"
        },
        "signature_version": "v1"
    },
    {
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        },
        "source": "https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5",
        "deprecated": false,
        "id": "CVE-2018-7998-b7f96901",
        "signature_type": "Line",
        "target": {
            "file": "libvips/foreign/foreign.c"
        },
        "signature_version": "v1"
    }
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-7998.json"