
Ubuntu 22.04, 18.04: USN-6437-1 Critical VIPS Denial Of Service

October 18, 2023

Summary

Several security issues were fixed in VIPS.

Software Description:

- vips: GObject introspection data for VIPS

Details:

Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998)

It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976)

It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly u...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   gir1.2-vips-8.0                 8.12.1-1ubuntu0.1~esm1
   libvips-tools                   8.12.1-1ubuntu0.1~esm1
   libvips42                       8.12.1-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   gir1.2-vips-8.0                 8.4.5-1ubuntu0.1~esm1
   libvips-tools                   8.4.5-1ubuntu0.1~esm1
   libvips42                       8.4.5-1ubuntu0.1~esm1
   python-vipscc                   8.4.5-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   gir1.2-vips-8.0                 8.2.2-1ubuntu0.1~esm1
   libvips-tools                   8.2.2-1ubuntu0.1~esm1
   libvips42                       8.2.2-1ubuntu0.1~esm1
   python-vipscc                   8.2.2-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.
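To confirm that a host has actually picked up these versions, the added example below (not part of the Ubuntu notice) compares installed package versions against the fixed versions listed above. It reimplements Debian version ordering rather than calling dpkg; the function names and the sample `dpkg-query` output are constructed for illustration.

```python
import re

# Fixed versions and package names copied from the Update Instructions above.
_PKGS = ["gir1.2-vips-8.0", "libvips-tools", "libvips42"]
FIXED = {"22.04": ("8.12.1-1ubuntu0.1~esm1", _PKGS),
         "18.04": ("8.4.5-1ubuntu0.1~esm1", _PKGS + ["python-vipscc"]),
         "16.04": ("8.2.2-1ubuntu0.1~esm1", _PKGS + ["python-vipscc"])}

def _order(c):  # '~' sorts before everything, even end of string ("")
    if c == "~":
        return -1
    if c == "" or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):  # compare alternating non-digit and digit runs, as dpkg does
    while a or b:
        na, a = re.match(r"(\D*)(.*)", a).groups()
        nb, b = re.match(r"(\D*)(.*)", b).groups()
        for i in range(max(len(na), len(nb))):
            d = _order(na[i:i + 1]) - _order(nb[i:i + 1])
            if d:
                return d
        da, a = re.match(r"(\d*)(.*)", a).groups()
        db, b = re.match(r"(\d*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):
            return int(da or 0) - int(db or 0)
    return 0

def _split(v):  # [epoch:]upstream[-revision]
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, rev

def deb_compare(v1, v2):
    """Negative, zero or positive as v1 is older than, equal to or newer than v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def unpatched(release, dpkg_output):
    """Return {package: version} for advisory packages older than the fixed version."""
    fixed, names = FIXED[release]
    rows = (line.split("\t", 1) for line in dpkg_output.splitlines() if "\t" in line)
    return {n: v for n, v in rows if n in names and deb_compare(v, fixed) < 0}

# Constructed sample of: dpkg-query -W -f='${Package}\t${Version}\n'
SAMPLE = ("libvips42\t8.12.1-1build1\nlibvips-tools\t8.12.1-1ubuntu0.1~esm1\n"
          "gir1.2-vips-8.0\t8.12.1-1ubuntu0.1\nbash\t5.1-6ubuntu1\n")
print(unpatched("22.04", SAMPLE))  # packages still below the fixed version
```

The `~esm1` suffix sorts before the same string without it, so a plain string comparison of these versions gives the wrong answer; this is a version comparison only and does not inspect the package contents.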

References

https://ubuntu.com/security/notices/USN-6437-1

CVE-2018-7998, CVE-2019-6976, CVE-2020-20739, CVE-2021-27847, CVE-2023-40032

Severity
critical

Ubuntu Security Notice USN-6437-1
