Use of Uninitialized Resource

CVE-2019-6976

Medium

5.3/10

Summary

libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-908 - Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

References

Advisory Timeline

Published Jan 26, 2019

Use of Uninitialized Resource

CVE-2019-6976

Summary

CWE-908 - Use of Uninitialized Resource

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS