Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libvips extract.c vips_extract_band_build out-of-bounds
Vulnerability Description
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. To fix this issue, it is recommended to deploy a patch.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
跨界内存读
Vulnerability Title
libvips 缓冲区错误漏洞
Vulnerability Description
libvips是libvips开源的一个具有低内存需求的快速图像处理库。 libvips 8.19.0版本存在缓冲区错误漏洞,该漏洞源于对文件libvips/conversion/extract.c中函数vips_extract_band_build的参数extract_band的错误操作,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A