Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libvips csvload.c vips_foreign_load_csv_build heap-based overflow
Vulnerability Description
A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
堆缓冲区溢出
Vulnerability Title
libvips 安全漏洞
Vulnerability Description
libvips是libvips开源的一个具有低内存需求的快速图像处理库。 libvips 8.18.0及之前版本存在安全漏洞,该漏洞源于libvips/foreign/csvload.c文件中函数存在堆缓冲区溢出,可能导致执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A