CVE-2018-7998

Published: 09 March 2018

In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: vips (Launchpad, Ubuntu, Debian)

Release: Status
Upstream: Released (8.4.5-2)
Ubuntu 21.10 (Impish Indri): Not vulnerable (8.6.3)
Ubuntu 21.04 (Hirsute Hippo): Not vulnerable (8.6.3)
Ubuntu 20.04 LTS (Focal Fossa): Not vulnerable (8.6.3)
Ubuntu 18.04 LTS (Bionic Beaver): Needed
Ubuntu 16.04 ESM (Xenial Xerus): Ignored (end of standard support, was needed)
Ubuntu 14.04 ESM (Trusty Tahr): Does not exist (trusty was needs-triage)