Main Vulnerability Database SB2018030920

SB2018030920 - Denial of service in libvips

Published: March 9, 2018 Updated: October 13, 2019

Security Bulletin ID SB2018030920

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) NULL pointer dereference (CVE-ID: CVE-2018-7998)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the vips_region_generate() function in region.c in the libvips library. A remote attacker can pass specially crafted input to the library and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
https://github.com/jcupitt/libvips/issues/893
https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html