CVE-2018-7998

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vipsregiongenerate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.

Database specific

{
    "unresolved_ranges": [
        {
            "vendor_product": "debian:debian_linux",
            "cpes": [
                "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"
            ],
            "extracted_events": [
                {
                    "last_affected": "7.0"
                }
            ],
            "source": "CPE_STRING"
        }
    ]
}

References

Affected packages

Git / github.com/jcupitt/libvips

Affected ranges

Type

GIT

Repo

https://github.com/jcupitt/libvips

Events

Introduced

Fixed

20d840e6da15c1574b3ed998bc92f91d1e36c2a5

Database specific

{
    "source": "REFERENCES"
}

Affected versions

v7.*

v7.28.0

v8.*

v8.0-beta

v8.1

v8.2.2

v8.3.0

v8.5.1

v8.5.2

v8.5.3

v8.6.0

v8.6.0-alpha1

v8.6.0-alpha2

v8.6.0-beta1

v8.6.0-beta2

v8.6.1

v8.6.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7998.json"

Git / github.com/libvips/libvips

Affected ranges

Type

GIT

Repo

https://github.com/libvips/libvips

Events

Introduced

Fixed

29e05dabaf0772bac57bad63b2e09ce1c9298c4b

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "8.6.3"
        }
    ],
    "cpe": "cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*",
    "source": "CPE_RANGE"
}

Affected versions

v7.*

v7.28.0

v8.*

v8.0-beta

v8.1

v8.2.2

v8.3.0

v8.5.1

v8.5.2

v8.5.3

v8.6.0

v8.6.0-alpha1

v8.6.0-alpha2

v8.6.0-beta1

v8.6.0-beta2

v8.6.1

v8.6.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-7998.json"