Skip to main content

Missing Initialization of Resource

CVE-2020-20739

Severity Medium
Score 5.3/10

Summary

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • LOW
  • NONE

CWE-909 - Missing Initialization of Resource

The software does not initialize a critical resource.

Advisory Timeline

  • Published