CVE-2020-20739

Name
CVE-2020-20739
Description
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
NVD Severity
unknown

References

| Type | URI |
| --- | --- |
| Exploit | https://github.com/libvips/libvips/issues/1419 |
| Patch | https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a |
| Mailing List | https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html |
| FEDORA | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/ |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:libvips_project:libvips:*:*:*:*:*:*:*:* | libvips | >= None | < 8.8.2 |

Vulnerable and fixed packages

Source package Branch Version Maintainer Status