[Bug 1179913] New: VUL-1: CVE-2020-20739: vips: uninitialized variable in im_vips2dz function may leak remote server path or stack address
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1179913 Bug ID: 1179913 Summary: VUL-1: CVE-2020-20739: vips: uninitialized variable in im_vips2dz function may leak remote server path or stack address Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.1 Hardware: Other URL: https://smash.suse.de/issue/272130/ OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: wolfgang.frisch@suse.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- CVE-2020-20739: im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. References: https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e... https://github.com/libvips/libvips/issues/1419 https://bugzilla.redhat.com/show_bug.cgi?id=1900810 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-20739 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739 https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedorap... -- You are receiving this mail because: You are on the CC list for the bug.
![](https://seccdn.libravatar.org/avatar/a895f78a81a109471893519443e4d933.jpg?s=120&d=mm&r=g)
http://bugzilla.opensuse.org/show_bug.cgi?id=1179913
Wolfgang Frisch
participants (1)
-
bugzilla_noreply@suse.com