PT-2023-27226 · Libvips+3
Christopher Krah · Published 2020-10-08 · Updated 2025-04-21
CVE-2023-40032
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libvips versions 8.14.3 or earlier
Description
A specially crafted SVG input can cause libvips to segfault when attempting to parse a malformed UTF-8 character. libvips is a demand-driven, horizontally threaded image processing library.
Recommendations
For libvips versions 8.14.3 or earlier, upgrade to libvips version 8.14.4 (or later) when processing untrusted input.
Exploit
Fix
NULL Pointer Dereference
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Linuxmint
Ubuntu
Libvips