Lucene search

DebianDEBIAN:DLA-1306-1:BAA7B

HistoryMar 11, 2018 - 5:50 p.m.

[SECURITY] [DLA 1306-1] vips security update

2018-03-1117:50:37

lists.debian.org

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

6.8 Medium

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

82.3%

JSON

Package : vips
Version : 7.28.5-1+deb7u2
CVE ID : CVE-2018-7998
Debian Bug : #892589

It was discovered that there was NULL function pointer dereference
vulnerability in vips, an image processing system for very large images.

Remote attackers could cause a denial of service via a specially-crafted
image file which occurred due to a race condition involving a failed
image load and other worker threads.

For Debian 7 "Wheezy", this issue has been fixed in vips version
7.28.5-1+deb7u2.

We recommend that you upgrade your vips packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian9i386libvips-tools-dbgsym< 8.4.5-1+deb9u1libvips-tools-dbgsym_8.4.5-1+deb9u1_i386.deb
Debian9ppc64ellibvips42< 8.4.5-1+deb9u1libvips42_8.4.5-1+deb9u1_ppc64el.deb
Debian7amd64libvips-dev< 7.28.5-1+deb7u2libvips-dev_7.28.5-1+deb7u2_amd64.deb
Debian9mipslibvips42-dbgsym< 8.4.5-1+deb9u1libvips42-dbgsym_8.4.5-1+deb9u1_mips.deb
Debian9ppc64elgir1.2-vips-8.0< 8.4.5-1+deb9u1gir1.2-vips-8.0_8.4.5-1+deb9u1_ppc64el.deb
Debian7armellibvips15< 7.28.5-1+deb7u2libvips15_7.28.5-1+deb7u2_armel.deb
Debian9s390xlibvips42< 8.4.5-1+deb9u1libvips42_8.4.5-1+deb9u1_s390x.deb
Debian9allvips< 8.4.5-1+deb9u1vips_8.4.5-1+deb9u1_all.deb
Debian7amd64libvips-tools< 7.28.5-1+deb7u2libvips-tools_7.28.5-1+deb7u2_amd64.deb
Debian9armhflibvips42< 8.4.5-1+deb9u1libvips42_8.4.5-1+deb9u1_armhf.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	libvips-tools-dbgsym	< 8.4.5-1+deb9u1	libvips-tools-dbgsym_8.4.5-1+deb9u1_i386.deb
Debian	9	ppc64el	libvips42	< 8.4.5-1+deb9u1	libvips42_8.4.5-1+deb9u1_ppc64el.deb
Debian	7	amd64	libvips-dev	< 7.28.5-1+deb7u2	libvips-dev_7.28.5-1+deb7u2_amd64.deb
Debian	9	mips	libvips42-dbgsym	< 8.4.5-1+deb9u1	libvips42-dbgsym_8.4.5-1+deb9u1_mips.deb
Debian	9	ppc64el	gir1.2-vips-8.0	< 8.4.5-1+deb9u1	gir1.2-vips-8.0_8.4.5-1+deb9u1_ppc64el.deb
Debian	7	armel	libvips15	< 7.28.5-1+deb7u2	libvips15_7.28.5-1+deb7u2_armel.deb
Debian	9	s390x	libvips42	< 8.4.5-1+deb9u1	libvips42_8.4.5-1+deb9u1_s390x.deb
Debian	9	all	vips	< 8.4.5-1+deb9u1	vips_8.4.5-1+deb9u1_all.deb
Debian	7	amd64	libvips-tools	< 7.28.5-1+deb7u2	libvips-tools_7.28.5-1+deb7u2_amd64.deb
Debian	9	armhf	libvips42	< 8.4.5-1+deb9u1	libvips42_8.4.5-1+deb9u1_armhf.deb