PT-2023-27226 · Libvips+3

Christopher Krah · Published 2020-10-08 · Updated 2025-04-21 · CVE-2023-40032

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libvips versions 8.14.3 or earlier

Description: A specially crafted SVG input can cause libvips to segfault when attempting to parse a malformed UTF-8 character. libvips is a demand-driven, horizontally threaded image processing library.

Recommendations: For libvips versions 8.14.3 or earlier, upgrade to libvips version 8.14.4 (or later) when processing untrusted input.

Exploit

Fix

NULL Pointer Dereference


Weakness Enumeration

Related Identifiers

ALT-PU-2020-2977
ALT-PU-2024-5975
CVE-2023-40032
GHSA-33QP-9PQ7-9584
USN-6437-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Libvips