CVE-2010-3364

EPSS 0.14%

Published: 10/20/2010Modified: 4/28/2026

Also known as:DEBIAN-CVE-2010-3364

Description

The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

Affected packages (1)

Debian/vipsfrom 0, < 7.14.5-2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2010-3364