CVE-2019-17534

Опубликовано: 13 окт. 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
Exploit
Issue Tracking
Third Party Advisory
https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
Patch
https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2
Patch
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
Exploit
Issue Tracking
Third Party Advisory
https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
Patch
https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*

Версия до 8.8.2 (исключая)

EPSS

Процентиль: 76%

0.00988

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416

Связанные уязвимости

CVE-2019-17534

CVSS3: 8.8

ubuntu

больше 6 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

CVE-2019-17534

CVSS3: 8.8

debian

больше 6 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips befor ...

GHSA-4hqm-7w7w-5w4r

CVSS3: 8.8

github

больше 3 лет назад

vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

EPSS

Процентиль: 76%

0.00988

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-416