CVE-2023-40032

描述

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.

受影響套件(1)

• Debian/vipsfrom 0, < 8.14.1-3+deb12u1

CVSS 分數

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2023-40032