Vulnerability Details : CVE-2019-17534
vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.
Vulnerability category: Memory Corruption
Products affected by CVE-2019-17534
- cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-17534
- EPSS score: 0.38% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~73% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2019-17534
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2019-17534
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-17534
- https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d
  fetch map after DGifGetImageDesc() · libvips/libvips@ce684dd · GitHub (Patch)
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796
  16796 - libvips:jpegsave_file_fuzzer: Heap-use-after-free in vips_foreign_load_gif_scan_image - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail (Exploit; Issue Tracking; Third Party Advisory)
- https://github.com/libvips/libvips/compare/v8.8.1...v8.8.2
  Comparing v8.8.1...v8.8.2 · libvips/libvips · GitHub (Patch)