USN-6437-1
- Source
- https://ubuntu.com/security/notices/USN-6437-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6437-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6437-1
- Related
- Published
- 2023-10-18T14:40:28.346667Z
- Modified
- 2023-10-18T14:40:28.346667Z
- Summary
- vips vulnerabilities
- Details
-
Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998)
It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976)
It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739)
It was discovered that VIPS could be made to divide by zero in multiple funcions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847)
It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)
- References
Affected packages
Ubuntu:Pro:16.04:LTS / vips
Package
- Name
- vips
- Purl
- pkg:deb/ubuntu/vips@8.2.2-1ubuntu0.1~esm1?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.2.2-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "gir1.2-vips-8.0"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips-dev"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips-doc"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips-tools"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips-tools-dbgsym"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips42"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "libvips42-dbgsym"
},
{
"binary_version": "8.2.2-1ubuntu0.1~esm1",
"binary_name": "python-vipscc"
}
]
}
Ubuntu:Pro:18.04:LTS / vips
Package
- Name
- vips
- Purl
- pkg:deb/ubuntu/vips@8.4.5-1ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.4.5-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "gir1.2-vips-8.0"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips-dev"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips-doc"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips-tools"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips-tools-dbgsym"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips42"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "libvips42-dbgsym"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "python-vipscc"
},
{
"binary_version": "8.4.5-1ubuntu0.1~esm1",
"binary_name": "python-vipscc-dbgsym"
}
]
}
Ubuntu:Pro:22.04:LTS / vips
Package
- Name
- vips
- Purl
- pkg:deb/ubuntu/vips@8.12.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.12.1-1ubuntu0.1~esm1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "gir1.2-vips-8.0"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips-dev"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips-doc"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips-tools"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips-tools-dbgsym"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips42"
},
{
"binary_version": "8.12.1-1ubuntu0.1~esm1",
"binary_name": "libvips42-dbgsym"
}
]
}