Lucene search
K

32 matches found

Mageia
Mageia
added 6 days ago4 views

Updated vips packages fix security vulnerabilities

This update fixes several security issues: A flaw has been found in libvips up to 8.18.0. The affected element is the function vipsforeignloadmatrixfileisa/vipsforeignloadmatrixheader of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack need...

7.8CVSS5.6AI score0.00209EPSS
Exploits3References2
EUVD
EUVD
added 2026/04/17 3:31 p.m.7 views

EUVD-2026-23432

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.8AI score0.0016EPSS
Exploits0References8
Vulnrichment
Vulnrichment
added 2026/04/17 1:45 p.m.8 views

CVE-2026-6491 libvips nip2 vips7compat.c im_minpos_vec heap-based overflow

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.8AI score0.0016EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/17 1:45 p.m.4 views

CVE-2026-6491

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...

5.3CVSS5.6AI score0.0016EPSS
Exploits0References7
CVE
CVE
added 2026/04/17 1:45 p.m.22 views

CVE-2026-6491

Affected software and component: libvips (up to 8.18.2), specifically the nip2 Handler’s function im_minpos_vec in libvips/deprecated/vips7compat.c. Root cause / vulnerability: manipulation of the argument n leads to a heap-based buffer overflow. Impact (as stated): local attack feasibility with ...

5.3CVSS5.9AI score0.0016EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/04/17 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2026-6491

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function imminposvec of the file libvips/deprecated/vips7compat....

5.3CVSS5.5AI score0.0016EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.14 views

PT-2026-33455

Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.19 Description A heap-based buffer overflow exists in the nip2 Handler component within the im minpos vec function of the file libvips/deprecated/vips7compat.c. This issue occurs when the argument n is manipulated,...

5.3CVSS6.3AI score0.0016EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 2025/08/25 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2017-17514

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers t...

8.8CVSS7.4AI score0.01685EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 4:36 a.m.5 views

SUSE CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS6.9AI score0.01685EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2017/12/14 4:29 p.m.25 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS7.2AI score0.01685EPSS
Exploits0References3
NVD
NVD
added 2017/12/14 4:29 p.m.37 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.6AI score0.01685EPSS
Exploits0References2
OSV
OSV
added 2017/12/14 4:29 p.m.13 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.5AI score0.01685EPSS
Exploits0References2
OSV
OSV
added 2017/12/14 4:29 p.m.4 views

DEBIAN-CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.1AI score0.01685EPSS
Exploits0References1
Prion
Prion
added 2017/12/14 4:29 p.m.20 views

Design/Logic Flaw

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

6.8CVSS8.5AI score0.01685EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2017/12/14 4:29 p.m.6 views

UBUNTU-CVE-2017-17514

DISPUTED boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the...

8.8CVSS7.3AI score0.01685EPSS
Exploits0References4
CVE
CVE
added 2017/12/14 4:0 p.m.56 views

CVE-2017-17514

CVE-2017-17514 affects nip2 8.4.0: boxes.c does not validate strings before launching the program specified by BROWSER, potentially enabling argument-injection via a crafted URL. The description notes that the product may not actually use the BROWSER variable. Connected documents corroborate the ...

8.8CVSS8.4AI score0.01685EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/12/14 4:0 p.m.29 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.6AI score0.01685EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2017/12/14 4:0 p.m.52 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

8.8CVSS8.6AI score0.01685EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2017/12/14 4:0 p.m.14 views

CVE-2017-17514

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER...

6.8AI score0.01685EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2017/12/14 12:0 a.m.6 views

PT-2017-14825 · Vips +2 · Nip2 +2

Name of the Vulnerable Software and Affected Versions: nip2 version 8.4.0 Description: The issue concerns the lack of validation for strings before launching a program specified by the BROWSER environment variable, potentially allowing remote attackers to conduct argument-injection attacks via a...

8.8CVSS8.6AI score0.01685EPSS
Exploits0References16
Rows per page
Query Builder