Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2020-20739

Good to know:

icon

Date: November 20, 2020

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. After conducting further research, Mend has determined that all versions of libvips up to version v8.9.0-alpha1 are vulnerable to CVE-2020-20739.

Language: C

Severity Score

Related Resources (9)

https://github.com/libvips/libvips/issues/1419
https://nvd.nist.gov/vuln/detail/CVE-2020-20739
https://github.com/libvips/libvips/commit/2ab5aa7bf515135c2b02d42e9a72e4c98e17031a
https://lists.debian.org/debian-lts-announce/2020/11/msg00049.html
https://security-tracker.debian.org/tracker/CVE-2020-20739
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/
https://security.alpinelinux.org/vuln/CVE-2020-20739
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZULVPQQ4QDFSQCXFYBUXEM7UXJAOKLSP/
https://www.mend.io/vulnerability-database/CVE-2020-20739

Severity Score

Weakness Type (CWE)

Use of Uninitialized Resource

CWE-908

Missing Initialization of Resource

CWE-909

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us