Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2019-17534

Опубликовано: 13 окт. 2019
Источник: debian
EPSS Низкий

Описание

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
vipsnot-affectedpackage

Примечания

  • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796

  • Introduced by: https://github.com/libvips/libvips/commit/https://github.com/libvips/libvips/commit/25e457736173369dcb0f7c09d07af68aedbdc175

  • Fixed by: https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d

EPSS

Процентиль: 76%
0.00988
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2019-17534

CVSS3: 8.8
ubuntu
больше 6 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

nvd логотип

CVE-2019-17534

CVSS3: 8.8
nvd
больше 6 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

github логотип

GHSA-4hqm-7w7w-5w4r

CVSS3: 8.8
github
больше 3 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

EPSS

Процентиль: 76%
0.00988
Низкий