USN-6437-1

Source
https://ubuntu.com/security/notices/USN-6437-1
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6437-1.json
JSON Data
https://api.osv.dev/v1/vulns/USN-6437-1
Published
2023-10-18T14:40:28.346667Z
Modified
2023-10-18T14:40:28.346667Z
Summary
vips vulnerabilities
Details

Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998)

It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976)

It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739)

It was discovered that VIPS could be made to divide by zero in multiple functions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847)

It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)

Affected packages

Ubuntu:Pro:16.04:LTS / vips

Package

Name
vips
Purl
pkg:deb/ubuntu/vips@8.2.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.2.2-1ubuntu0.1~esm1

Affected versions

7.*

7.40.6-2ubuntu2

8.*

8.0.2-2
8.2.1-1
8.2.2-1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "gir1.2-vips-8.0"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips-dev"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips-doc"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools-dbgsym"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips42"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "libvips42-dbgsym"
        },
        {
            "binary_version": "8.2.2-1ubuntu0.1~esm1",
            "binary_name": "python-vipscc"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / vips

Package

Name
vips
Purl
pkg:deb/ubuntu/vips@8.4.5-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.4.5-1ubuntu0.1~esm1

Affected versions

8.*

8.4.5-1build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "gir1.2-vips-8.0"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips-dev"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips-doc"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools-dbgsym"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips42"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "libvips42-dbgsym"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "python-vipscc"
        },
        {
            "binary_version": "8.4.5-1ubuntu0.1~esm1",
            "binary_name": "python-vipscc-dbgsym"
        }
    ]
}

Ubuntu:Pro:22.04:LTS / vips

Package

Name
vips
Purl
pkg:deb/ubuntu/vips@8.12.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
8.12.1-1ubuntu0.1~esm1

Affected versions

8.*

8.10.5-2ubuntu1
8.11.4-2
8.12.1-1
8.12.1-1build1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "gir1.2-vips-8.0"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips-dev"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips-doc"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips-tools-dbgsym"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips42"
        },
        {
            "binary_version": "8.12.1-1ubuntu0.1~esm1",
            "binary_name": "libvips42-dbgsym"
        }
    ]
}