[SECURITY] [DLA 1306-1] vips security update

2018-03-11 17:50:37
lists.debian.org

CVSS2 : 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
  Attack Vector : NETWORK
  Attack Complexity : HIGH
  Authentication : NONE
  Confidentiality Impact : PARTIAL
  Integrity Impact : PARTIAL
  Availability Impact : PARTIAL

CVSS3 : 7.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
  Attack Vector : NETWORK
  Attack Complexity : HIGH
  Privileges Required : NONE
  User Interaction : REQUIRED
  Scope : UNCHANGED
  Confidentiality Impact : HIGH
  Integrity Impact : HIGH
  Availability Impact : HIGH

AI Score : 6.8 (Confidence: High)
EPSS : 0.009 (Percentile: 82.3%)

Package : vips
Version : 7.28.5-1+deb7u2
CVE ID : CVE-2018-7998
Debian Bug : #892589

It was discovered that there was a NULL function pointer dereference
vulnerability in vips, an image processing system for very large images.

Remote attackers could cause a denial of service via a specially crafted
image file. The issue occurred due to a race condition involving a failed
image load and other worker threads.

For Debian 7 "Wheezy", this issue has been fixed in vips version
7.28.5-1+deb7u2.

We recommend that you upgrade your vips packages.

Regards,


  ,''`.
 : :'  :     Chris Lamb
 `. `'`      [email protected] / chris-lamb.co.uk
   `-
