CVE-2019-17534
- Source
- https://cve.org/CVERecord?id=CVE-2019-17534
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17534.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-17534
- Downstream
- Published
- 2019-10-13T02:15:12.317Z
- Modified
- 2026-04-11T12:42:18.372950Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
vipsforeignloadgifscan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
- References
Affected packages
Git / github.com/libvips/libvips
Affected versions
v7.*
v7.28.0
v8.*
v8.0-beta
v8.1
v8.2.2
v8.3.0
v8.5.1
v8.5.2
v8.5.3
v8.6.0
v8.6.0-alpha1
v8.6.0-alpha2
v8.6.0-beta1
v8.6.0-beta2
v8.7.0
v8.7.0-alpha2
v8.7.0-rc1
v8.7.0-rc2
v8.7.0-rc3
v8.8.0
v8.8.0-rc1
v8.8.0-rc2
v8.8.0-rc3
v8.8.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-17534.json"
vanir_signatures
[
{
"digest": {
"length": 1072.0,
"function_hash": "267269975838710818814318024267592381909"
},
"id": "CVE-2019-17534-3a28aa03",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d",
"target": {
"function": "vips_foreign_load_gif_scan_image",
"file": "libvips/foreign/gifload.c"
}
},
{
"digest": {
"length": 4038.0,
"function_hash": "222320631276143992629725486564266434665"
},
"id": "CVE-2019-17534-45a6fd0e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"source": "https://github.com/libvips/libvips/commit/6ea76f9632edd93a716533acb78e7f6bd7089fe4",
"target": {
"function": "read_jpeg_header",
"file": "libvips/foreign/jpeg2vips.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"125972106182712768501205550043563232520",
"86039469205557756946793548815830721573",
"88821371842791875340927780191313916485",
"77321317125073647324253898459710890524",
"154057355696739768365072229679567670185",
"244277135587429140701503486848767944083",
"21734349347026488473724128397556756436",
"9526486098358187007820695027713276441",
"216634604053247192044250025449613641808",
"286742946168779614417633791036156230208",
"234081553680285278521543908288125626223",
"77644325345481531206301909079295925322",
"58189127241607797732055871855340681054",
"127209824266690391183367214157703481504",
"262563188951938984018963082140095202961",
"36386234001265852768838143608841138472"
]
},
"id": "CVE-2019-17534-9c4272ef",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/libvips/libvips/commit/6ea76f9632edd93a716533acb78e7f6bd7089fe4",
"target": {
"file": "libvips/foreign/jpeg2vips.c"
}
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"110566715389879143766968118980731266514",
"3269976180629194192668355476778417600",
"279703337617906194459669100222267181909",
"36537502664305200477660330235890739677",
"265537486238157883556285174236897827944",
"252038346157081678925936540141871989338",
"185228460725663856311005027666787748044",
"94935007322339817507805487416192141480"
]
},
"id": "CVE-2019-17534-eabd8546",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"source": "https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d",
"target": {
"file": "libvips/foreign/gifload.c"
}
}
]
vanir_signatures_modified
"2026-04-11T12:42:18Z"