CVE-2020-20739

Опубликовано: 20 нояб. 2020

Источник: debian

EPSS Низкий

Описание

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
vips	fixed	8.9.0-1		package
vips	fixed	8.7.4-1+deb10u1	buster	package

Примечания

https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (v8.9.0-alpha1)
https://github.com/libvips/libvips/issues/1419

EPSS

Процентиль: 42%

0.002

Низкий

Связанные уязвимости

CVE-2020-20739

CVSS3: 5.3

ubuntu

около 5 лет назад

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

CVE-2020-20739

CVSS3: 5.3

nvd

около 5 лет назад

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

GHSA-62hp-w5vm-g7xm

CVSS3: 5.3

github

больше 3 лет назад

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

EPSS

Процентиль: 42%

0.002

Низкий