CVSS3: 5.5 Medium
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.0004 Low
Percentile: 5.1%

libvips is a demand-driven, horizontally threaded image processing library.
A specially crafted SVG input can cause libvips versions 8.14.3 or earlier
to segfault when attempting to parse a malformed UTF-8 character. Users
should upgrade to libvips version 8.14.4 (or later) when processing
untrusted input.
github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b
github.com/libvips/libvips/pull/3604
github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584
launchpad.net/bugs/cve/CVE-2023-40032
nvd.nist.gov/vuln/detail/CVE-2023-40032
security-tracker.debian.org/tracker/CVE-2023-40032
ubuntu.com/security/notices/USN-6437-1
www.cve.org/CVERecord?id=CVE-2023-40032