libvips 8.8.0 Release Candidate 3

CPE Details

libvips 8.8.0 Release Candidate 3
libvips
libvips
8.8.0
2023-09-29
09h18 +00:00
2023-09-29
09h18 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:libvips:libvips:8.8.0:rc3:*:*:*:*:*:*

Informations

Vendor

libvips

Product

libvips

Version

8.8.0

Update

rc3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-59933 2025-09-29 22h04 +00:00 libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders including PDF input via poppler.
5.1
Medium
CVE-2020-20739 2020-11-20 17h16 +00:00 im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
5.3
Medium
CVE-2019-17534 2019-10-12 23h59 +00:00 vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
8.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.