PT-2020-15278 · Libvips+3 · Libvips+3

Yifengchen-Cc

Published

2020-01-26

Updated

2025-01-17

CVE-2020-20739

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.8.2

Description The issue is related to an uninitialized variable in the im vips2dz function, located in /libvips/libvips/deprecated/im vips2dz.c. This may cause the leakage of the remote server path or stack address.

Recommendations For versions prior to 8.8.2, update to version 8.8.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the im vips2dz function in /libvips/libvips/deprecated/im vips2dz.c until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-909

Related Identifiers

ALT-PU-2020-1098

ALT-PU-2020-2977

ALT-PU-2025-1396

CVE-2020-20739

DLA-2473-1

USN-6437-1

Affected Products

Alt Linux

Linuxmint

Ubuntu

Libvips

PT-2020-15278 · Libvips+3 · Libvips+3

CVE-2020-20739

Weakness Enumeration

Related Identifiers

Affected Products

References · 20