Libvips
Monthly
Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. [CVSS 3.3 LOW]
Heap-based buffer overflow in libvips 8.19.0's vips_bandrank_build function can be triggered by manipulating the index argument, allowing local attackers with user privileges to corrupt heap memory and potentially achieve code execution. Public exploit code exists for this vulnerability, and a patch is available to address the issue.
Libvips up to version 8.18.0 contains a heap buffer overflow in the CSV parsing function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code is available for this vulnerability, and a patch has been released to address the issue.
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. [CVSS 3.3 LOW]
Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. [CVSS 2.5 LOW]
libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.
libvips is a demand-driven, horizontally threaded image processing library. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available.
Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. [CVSS 3.3 LOW]
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. [CVSS 3.3 LOW]
Heap-based buffer overflow in libvips 8.19.0's vips_bandrank_build function can be triggered by manipulating the index argument, allowing local attackers with user privileges to corrupt heap memory and potentially achieve code execution. Public exploit code exists for this vulnerability, and a patch is available to address the issue.
Libvips up to version 8.18.0 contains a heap buffer overflow in the CSV parsing function that allows local attackers with user-level privileges to corrupt memory and potentially execute arbitrary code. Public exploit code is available for this vulnerability, and a patch has been released to address the issue.
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. [CVSS 3.3 LOW]
Memory corruption in libvips up to version 8.18.0 affects the matrix file loading functionality, allowing local attackers with user privileges to corrupt memory through crafted input files. Public exploit code is available for this vulnerability, and a patch has been released to remediate the issue.
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. [CVSS 2.5 LOW]
libvips is a demand-driven, horizontally threaded image processing library. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity.
libvips is a demand-driven, horizontally threaded image processing library. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. Public exploit code available.