PRIOn knowledge basePRION:CVE-2020-20739

HistoryNov 20, 2020 - 7:15 p.m.

Path traversal

2020-11-2019:15:00

PRIOn knowledge base

www.prio-n.com

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

72.7%

JSON

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

CPENameOperatorVersion
debian_linuxeq9.0
fedoraeq32
fedoraeq32
libvipslt8.8.2

Name	Operator	Version
debian_linux	eq	9.0
fedora	eq	32
fedora	eq	32
libvips	lt	8.8.2

References

github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a

github.com/libvips/libvips/issues/1419

lists.debian.org/debian-lts-announce/2020/11/msg00049.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/