Home / Early Warning / Vulnerabilidades / CVE-2020-20739

CVE-2020-20739

Type: 
Unavailable / Other
Severity: 
Medium
Publication date: 
11/20/2020
Last modified: 
12/08/2020
Description
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
Impact
Access Vector: Through network
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: No impact on system integrity + Partially affects on system confidentiality + No impact on system availability
Vulnerable software and versions
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:libvips_project:libvips:*:*:*:*:*:*:*:*
To consult the complete list of products and versions see this page
Explanation of fields