Debian Security Advisory
DLA-1306-1 vips -- LTS security update
- Date Reported:
- 11 Mar 2018
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2018-7998.
- More information:
It was discovered that there was NULL function pointer dereference vulnerability in vips, an image processing system for very large images.
Remote attackers could cause a denial of service via a specially-crafted image file which occurred due to a race condition involving a failed image load and other worker threads.
For Debian 7
Wheezy, this issue has been fixed in vips version 7.28.5-1+deb7u2.
We recommend that you upgrade your vips packages.