CVE-2018-7998
Last modified
CVE-2018-7998 is a vulnerability of currently unknown severity. In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.. EPSS estimates a 1.88% chance of exploitation in the next 30 days.
Description
In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Libvips | Libvips | < 8.6.3 |
| Debian | Debian Linux | 7.0 |
References
- https://github.com/jcupitt/libvips/issues/893Exploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/03/msg00009.htmlThird Party Advisory
- https://github.com/jcupitt/libvips/issues/893Exploit, Third Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/03/msg00009.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-7998?
How severe is CVE-2018-7998?
How do I fix CVE-2018-7998?
Are you affected by CVE-2018-7998?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST