PT-2019-18392 · Libvips+3 · Libvips+3

Publicado

2019-01-26

·

Atualizado

2025-01-17

·

CVE-2019-6976

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.7.4
Description The issue arises when libvips processes corrupted input image data, resulting in the generation of output images from uninitialized memory locations. This occurs because the allocated memory is not zeroed out in iofuncs/memory.c. As a consequence, raw process memory contents can be leaked through the output image.
Recommendations For versions prior to 8.7.4, update to version 8.7.4 or later to resolve the issue.

Correção

Use of Uninitialized Resource

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-908

Identificadores relacionados

ALT-PU-2020-1098
ALT-PU-2020-2977
ALT-PU-2025-1396
CVE-2019-6976
USN-6437-1

Produtos afetados

Alt Linux
Linuxmint
Ubuntu
Libvips