Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Fedora 42: Critical Buffer Overflow Vulnerability in vips 8.17.3 Alert

New version of vips.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-107641b428
2025-12-18 01:10:20.380850+00:00
--------------------------------------------------------------------------------

Name        : vips
Product     : Fedora 42
Version     : 8.17.3
Release     : 1.fc42
URL         : https://www.libvips.org/
Summary     : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color.

This package should be installed if you want to use a program compiled against VIPS.

--------------------------------------------------------------------------------
Update Information:

New version of vips.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Adam Goode - 8.17.3-1
- Include missing changes for latest release
* Tue Dec 9 2025 Adam Goode - 8.17.2-2
- Update to vips 8.17.3
* Fri Sep 19 2025 Kleis Auke Wolthuizen - 8.17.2-1
- Update to 8.17.2
* Tue Sep 9 2025 Sandro Mani - 8.17.1-3
- Rebuild (libimagequant)
* Fri Jul 25 2025 Fedora Release Engineering - 8.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Kleis Auke Wolthuizen - 8.17.1-1
- Update to 8.17.1
- Resolves: rhbz#2351373
- Migrate API documentation to gi-docgen
- Drop dependency on python3-cairo (due to vipsprofile removal)
* Sat May 24 2025 Kleis Auke Wolthuizen - 8.16.1-2
- Build vips-doc package as noarch
* Tue Apr 8 2025 Kleis Auke Wolthuizen - 8.16.1-1
- Update to 8.16.1
- Drop patch merged upstream
- Refresh descriptions for vips-devel and vips-doc
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401081 - CVE-2025-59933 vips: libvips Buffer Over-Read [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2401081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-107641b428' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------
--
_______________________________________________
package-announce mailing list
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 42 update for vips addresses a critical buffer overflow issue. Install new version 8.17.3 to secure your system.
Fedora vips update critical buffer overflow.
Severity: Critical.
LinuxSecurity.com Team

Dec 18, 2025 Critical Fedora

Fedora 43: vips Important Buffer Over-Read Issue FEDORA-2025-d9707059b7

New version of vips.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-d9707059b7
2025-12-18 00:56:48.059006+00:00
--------------------------------------------------------------------------------

Name        : vips
Product     : Fedora 43
Version     : 8.17.3
Release     : 1.fc43
URL         : https://www.libvips.org/
Summary     : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color.

This package should be installed if you want to use a program compiled against VIPS.

--------------------------------------------------------------------------------
Update Information:

New version of vips.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 9 2025 Adam Goode - 8.17.3-1
- Include missing changes for latest release
* Tue Dec 9 2025 Adam Goode - 8.17.2-2
- Update to vips 8.17.3
* Fri Sep 19 2025 Kleis Auke Wolthuizen - 8.17.2-1
- Update to 8.17.2
* Tue Sep 9 2025 Sandro Mani - 8.17.1-3
- Rebuild (libimagequant)
* Fri Jul 25 2025 Fedora Release Engineering - 8.17.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild
* Mon Jul 7 2025 Kleis Auke Wolthuizen - 8.17.1-1
- Update to 8.17.1
- Resolves: rhbz#2351373
- Migrate API documentation to gi-docgen
- Drop dependency on python3-cairo (due to vipsprofile removal)
* Sat May 24 2025 Kleis Auke Wolthuizen - 8.16.1-2
- Build vips-doc package as noarch
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #2401081 - CVE-2025-59933 vips: libvips Buffer Over-Read [fedora-42]
      https://bugzilla.redhat.com/show_bug.cgi?id=2401081
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-d9707059b7' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys
--------------------------------------------------------------------------------

C/C++ library vips update for Fedora 43 addressing buffer over-read risk. Immediate installation recommended.
fedora updates, vips image processing, buffer overflow fix.
Severity: Important.
LinuxSecurity.com Team

Dec 18, 2025 Important Fedora

Debian LTS: DLA-4148-1 critical: vips buffer overflow denial of service

A heap-based buffer overflow was discovered in vips, an image processing system, which could lead to denial of service when processing specially crafted TIFF images.

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4148-1
https://www.debian.org/lts/security/
Guilhem Moulin
April 30, 2025
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : vips
Version        : 8.10.5-2+deb11u1
CVE ID         : CVE-2025-29769

A heap-based buffer overflow was discovered in vips, an image processing system, which could lead to denial of service when processing specially crafted TIFF images.

For Debian 11 bullseye, this problem has been fixed in version 8.10.5-2+deb11u1.

We recommend that you upgrade your vips packages.

For the detailed security status of vips please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/vips

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Ubuntu Security Notice USN-4111-2 highlights a critical vulnerability in libxml2, resulting in potential application crashes.
Debian LTS, vips security, buffer overflow fix, image processing update, denial of service mitigation.
Severity: Critical.
LinuxSecurity.com Team

Apr 30, 2025 Critical Debian LTS

Ubuntu 22.04, 18.04: USN-6437-1 Critical VIPS Denial Of Service

Several security issues were fixed in VIPS.

==========================================================================
Ubuntu Security Notice USN-6437-1
October 18, 2023

vips vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)

Summary:

Several security issues were fixed in VIPS.

Software Description:
- vips: GObject introspection data for VIPS

Details:

Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998)

It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976)

It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739)

It was discovered that VIPS could be made to divide by zero in multiple functions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847)

It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS (Available with Ubuntu Pro):
  gir1.2-vips-8.0 8.12.1-1ubuntu0.1~esm1
  libvips-tools 8.12.1-1ubuntu0.1~esm1
  libvips42 8.12.1-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  gir1.2-vips-8.0 8.4.5-1ubuntu0.1~esm1
  libvips-tools 8.4.5-1ubuntu0.1~esm1
  libvips42 8.4.5-1ubuntu0.1~esm1
  python-vipscc 8.4.5-1ubuntu0.1~esm1

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  gir1.2-vips-8.0 8.2.2-1ubuntu0.1~esm1
  libvips-tools 8.2.2-1ubuntu0.1~esm1
  libvips42 8.2.2-1ubuntu0.1~esm1
  python-vipscc 8.2.2-1ubuntu0.1~esm1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-6437-1
  CVE-2018-7998, CVE-2019-6976, CVE-2020-20739, CVE-2021-27847, CVE-2023-40032

Uncover the latest safety notice for VIPS concerning multiple vulnerabilities in Ubuntu 22.04 and 18.04. Ensure your systems are secure!
VIPS Security, Ubuntu Risks, Data Exposure, Service Issues.
Severity: Critical.
LinuxSecurity.com Team

Oct 18, 2023 Critical Ubuntu

Debian 9 Stretch: DLA-2473-2 Moderate: VIPS Remote Address Leakage

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed. For Debian 9 stretch, this problem has been fixed in version .

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2473-1
https://www.debian.org/lts/security/
Adrian Bunk
November 30, 2020
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : vips
Version        : 8.4.5-1+deb9u2
CVE ID         : CVE-2020-20739

In VIPS, an image processing system, an uninitialized variable which may cause the leakage of remote server path or stack address was fixed.

For Debian 9 stretch, this problem has been fixed in version 8.4.5-1+deb9u2.

We recommend that you upgrade your vips packages.

For the detailed security status of vips please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/vips

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

Debian LTS Advisory DLA-2473-2 for vips resolves issues related to unauthorized data exposure stemming from an uninitialized parameter.
Debian LTS, VIPS Security, Remote Leakage, Debian Stretch, Security Updates.
LinuxSecurity.com Team

Nov 30, 2020 Debian LTS

Fedora: 2017-3a568adb31 Moderate Security Update for vips Released

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.
----
rhbz#1490649 - emacs-25.3 is available
rhbz#1490410 - unsafe enriched.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-3a568adb31
2017-09-19 14:22:11.619064
--------------------------------------------------------------------------------

Name        : vips
Product     : Fedora 25
Version     : 8.4.4
Release     : 1.fc25.1
URL         : https://github.com/libvips/libvips
Summary     : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color.

This package should be installed if you want to use a program compiled against VIPS.

--------------------------------------------------------------------------------
Update Information:

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.
----
rhbz#1490649 - emacs-25.3 is available
rhbz#1490410 - unsafe enriched mode translations (security)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1490409 - CVE-2017-14482 emacs: Unsafe enriched mode translations
      https://bugzilla.redhat.com/show_bug.cgi?id=1490409
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade vips' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Fedora 25 vips security patch tackling severe vulnerabilities and upgrades, enhancing graphic processing functionalities.
Fedora Security, vips Update, Image Processing, Bug Fixes.
LinuxSecurity.com Team

Sep 19, 2017 Fedora

Fedora 26 vips Security Update: Critical Bug Fix and Improvements

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2017-8f27031c8f
2017-09-19 02:41:35.415951
--------------------------------------------------------------------------------

Name        : vips
Product     : Fedora 26
Version     : 8.5.8
Release     : 2.fc26
URL         :
Summary     : C/C++ library for processing large images
Description :
VIPS is an image processing library. It is good for very large images (even larger than the amount of RAM in your machine), and for working with color.

This package should be installed if you want to use a program compiled against VIPS.

--------------------------------------------------------------------------------
Update Information:

Many security fixes, bug fixes, and other changes from the previous version 6.9.3.0. See the [6.9 branch ChangeLog](https://github.com/ImageMagick/ImageMagick/blob/3fd358e2ac34977fda38a2cf4d88a1cb4dd2d7c7/ChangeLog). Dependent packages are mostly straight rebuilds, a couple also include bugfix version updates.
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1471837 - CVE-2017-11352 ImageMagick: Improper EOF handling in coders/rle.c can trigger crash (Incomplete fix for CVE-2017-9144) [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1471837
[ 2 ] Bug #1471122 - CVE-2017-10995 ImageMagick: Out-of-bounds heap read in mng_get_long function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1471122
[ 3 ] Bug #1470670 - CVE-2017-11170 ImageMagick: Memory leak in ReadTGAImage function when processing TGA or VST file [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1470670
[ 4 ] Bug #1465064 - CVE-2017-7941 CVE-2017-7942 CVE-2017-7943 CVE-2017-8352 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1465064
[ 5 ] Bug #1455602 - CVE-2017-9141 CVE-2017-9142 CVE-2017-9143 CVE-2017-9144 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1455602
[ 6 ] Bug #1453125 - CVE-2017-9098 ImageMagick: use of uninitialized memory in RLE decoder [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1453125
[ 7 ] Bug #1413898 - CVE-2016-9556 CVE-2016-9559 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1413898
[ 8 ] Bug #1408404 - CVE-2016-8707 ImageMagick: OOB write in convert utility when deflating TIFF files [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1408404
[ 9 ] Bug #1483575 - CVE-2017-12587 ImageMagick: Resource exhaustion in ReadPWPImage function in coders\pwp.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1483575
[ 10 ] Bug #1299275 - ImageMagick-7.0.6-9 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=1299275
[ 11 ] Bug #1483132 - CVE-2017-12433 CVE-2017-12434 CVE-2017-12435 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1483132
[ 12 ] Bug #1483117 - CVE-2017-12640 CVE-2017-12641 CVE-2017-12642 CVE-2017-12643 CVE-2017-12644 CVE-2017-12654 CVE-2017-12662 CVE-2017-12663 CVE-2017-12664 CVE-2017-12665 CVE-2017-12666 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1483117
[ 13 ] Bug #1482655 - CVE-2017-12427 CVE-2017-12428 CVE-2017-12429 CVE-2017-12430 CVE-2017-12432 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1482655
[ 14 ] Bug #1482626 - CVE-2017-12418 ImageMagick: Memory leaks in the parse8BIMW and format8BIM functions in coders/meta.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1482626
[ 15 ] Bug #1350462 - CVE-2016-5841 CVE-2016-5842 imagemagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1350462
[ 16 ] Bug #1361494 - CVE-2016-6491 ImageMagick: Out-of-bounds read in CopyMagickMemory [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1361494
[ 17 ] Bug #1378790 - CVE-2014-9907 CVE-2015-8957 CVE-2015-8958 CVE-2015-8959 CVE-2016-6823 CVE-2016-7101 CVE-2016-7513 CVE-2016-7514 CVE-2016-7515 CVE-2016-7516 CVE-2016-7517 CVE-2016-7518 CVE-2016-7519 CVE-2016-7520 CVE-2016-7521 ... ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1378790
[ 18 ] Bug #1361578 - CVE-2016-5010 ImageMagick: Out-of-bounds read when processing crafted tiff file [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1361578
[ 19 ] Bug #1477566 - CVE-2017-12140 ImageMagick: integer signedness error in ReadDCMImage function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1477566
[ 20 ] Bug #1477070 - CVE-2017-11724 CVE-2017-11750 CVE-2017-11751 CVE-2017-11752 CVE-2017-11753 CVE-2017-11754 CVE-2017-11755 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1477070
[ 21 ] Bug #1475486 - CVE-2017-11644 ImageMagick: Memory-Leak in ReadMATImage() coders/mat.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1475486
[ 22 ] Bug #1475471 - CVE-2017-11639 ImageMagick: heap-based buffer over-read in the WriteCIPImage() function in coders/cip.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1475471
[ 23 ] Bug #1475464 - CVE-2017-11640 ImageMagick: NULL pointer dereference in WritePTIFImage() in coders/tiff.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1475464
[ 24 ] Bug #1474846 - CVE-2017-11523 ImageMagick: Endless loop in ReadTXTImage function in coders/txt.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1474846
[ 25 ] Bug #1474420 - CVE-2017-11446 CVE-2017-11478 ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1474420
[ 26 ] Bug #1473848 - CVE-2017-11360 ImageMagick: Resource exhaustion in ReadRLEImage function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473848
[ 27 ] Bug #1473825 - CVE-2017-11188 ImageMagick: Resource exhaustion in ReadDPXImage function in coders\dpx.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473825
[ 28 ] Bug #1473802 - CVE-2017-11448 ImageMagick: Info leak from from uninitialized memory in ReadJPEGImage function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473802
[ 29 ] Bug #1473799 - CVE-2017-11447 ImageMagick: Memory leak in ReadSCREENSHOTImage function in coders/screenshot.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473799
[ 30 ] Bug #1473797 - CVE-2017-11449 ImageMagick: coders/mpc.c don't validade blob sizes of stdin image input [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473797
[ 31 ] Bug #1473775 - CVE-2017-11450 ImageMagick: Too short JPEG data causes denial of service in coders/jpeg.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473775
[ 32 ] Bug #1473758 - CVE-2017-11141 ImageMagick: Memory exhaustion in ReadMATImage function in coders\mat.c [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473758
[ 33 ] Bug #1473719 - CVE-2017-10928 ImageMagick: heap-based buffer over-read in the GetNextToken function [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1473719
[ 34 ] Bug #1410515 - ImageMagick: various flaws [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=1410515
[ 35 ] Bug #1479313 - synfigstudio doesn't start
      https://bugzilla.redhat.com/show_bug.cgi?id=1479313
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade vips' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------

Upgrade your Fedora 26 environment by integrating the most current security patches for the vips library along with pertinent enhancements.
Fedora Security, Vips Update, Image Processing Library, Bug Fixes, Software Updates.
Severity: Critical.
LinuxSecurity.com Team

Sep 19, 2017 Critical Fedora

Gentoo: GLSA-202201-12 Normal: VIPS Security Vulnerability Notification

A vulnerability in VIPS could result in privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201401-29
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: VIPS: Privilege Escalation
     Date: January 26, 2014
     Bugs: #344561
       ID: 201401-29

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in VIPS could result in privilege escalation.

Background
==========

VIPS is a free image processing system.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  media-libs/vips              < 7.22.4                  >= 7.22.4

Description
===========

VIPS places a zero-length directory name in the LD_LIBRARY_PATH, which might result in the current working directory (.) to be included when searching for dynamically linked libraries.

Impact
======

A local attacker could gain escalated privileges via a specially crafted shared library.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All VIPS users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=media-libs/vips-7.22.4"

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since November 23, 2010. It is likely that your system is already no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-3364
      http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-3364

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201401-29

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [e-mail address hidden] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2014 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

A Gentoo security notice highlights a moderate level vulnerability in VIPS that could result in privilege escalation. Users are advised to upgrade promptly.
Gentoo Advisory, Privilege Escalation Risk, VIPS Security Update.
LinuxSecurity.com Team

Jan 26, 2014 Gentoo