
Test ID: 1.3.6.1.4.1.25623.1.1.12.2023.6437.1
Category: Ubuntu Local Security Checks
Title: Ubuntu: Security Advisory (USN-6437-1)
Summary: The remote host is missing an update for the 'vips' package(s) announced via the USN-6437-1 advisory.
Description:

Vulnerability Insight:
Ziqiang Gu discovered that VIPS could be made to dereference a NULL
pointer. If a user or automated system were tricked into processing
a specially crafted input image file, an attacker could possibly use
this issue to cause a denial of service. This issue only affected
Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998)

It was discovered that VIPS did not properly handle uninitialized memory
locations when processing corrupted input image data. An attacker could
possibly use this issue to generate output images that expose sensitive
information. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS. (CVE-2019-6976)

It was discovered that VIPS did not properly manage memory due to an
uninitialized variable. If a user or automated system were tricked into
processing a specially crafted output file, an attacker could possibly
use this issue to expose sensitive information.
This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2020-20739)

It was discovered that VIPS could be made to divide by zero in multiple
functions. If a user or automated system were tricked into processing a
specially crafted image file, an attacker could possibly use this issue
to cause a denial of service. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 18.04 LTS. (CVE-2021-27847)

It was discovered that VIPS did not properly handle certain input files
that contained malformed UTF-8 characters. If a user or automated system
were tricked into processing a specially crafted SVG image file, an
attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)

Affected Software/OS:
'vips' package(s) on Ubuntu 16.04, Ubuntu 18.04, Ubuntu 22.04.

Solution:
Please install the updated package(s).

CVSS Score:
5.1

CVSS Vector:
AV:N/AC:H/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2018-7998
https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
https://github.com/jcupitt/libvips/issues/893
https://lists.debian.org/debian-lts-announce/2018/03/msg00009.html
Common Vulnerability Exposure (CVE) ID: CVE-2019-6976
https://blog.silentsignal.eu/2019/04/18/drop-by-drop-bleeding-through-libvips/
https://github.com/libvips/libvips/commit/00622428bda8d7521db8d74260b519fa41d69d0a
https://github.com/libvips/libvips/releases/tag/v8.7.4
Common Vulnerability Exposure (CVE) ID: CVE-2020-20739
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/
https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a
https://github.com/libvips/libvips/issues/1419
https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html
Common Vulnerability Exposure (CVE) ID: CVE-2021-27847
https://github.com/libvips/libvips/issues/1236
Common Vulnerability Exposure (CVE) ID: CVE-2023-40032
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YU2FFC47X2XDEGEHEWAGLU5L3R6FEYD2/
https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b
https://github.com/libvips/libvips/pull/3604
https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584
Copyright: Copyright (C) 2023 Greenbone AG
