CVE-2020-20739
PUBLISHED
im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
Risk Scores
- EPSS Score: 0.20% (42.0th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | vips | 0, 8.4.5-1build1 |
| Ubuntu:Pro:16.04:LTS | vips | 8.2.1-1, 0, 8.0.2-2 |
Timeline
- Nov 20, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-20739 (third-party-advisory)
- https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a (third-party-advisory)
- https://github.com/libvips/libvips/issues/1419 (third-party-advisory)
- https://ubuntu.com/security/notices/USN-6437-1 (vendor-advisory)
- https://www.cve.org/CVERecord?id=CVE-2020-20739 (third-party-advisory)