libvips is a demand-driven multi-threaded image processing library. libvips versions prior to 8.8.2 are vulnerable to an information disclosure. The vulnerability stems from im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips having uninitialized variables. An attacker could use this vulnerability to obtain a remote server path or stack address.
CPE | Name | Operator | Version |
---|---|---|---|
libvips libvips | lt | 8.8.2 |