CVE-2019-6976
N/A
N/A
Summary
libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
- https://github.com/libvips/libvips/releases/tag/v8.7.4
- https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
References
- https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
- https://github.com/libvips/libvips/releases/tag/v8.7.4
- https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.