Uninitialized variable: mode in function im_vips2dz() #1419
Labels
Comments
|
Oh, good point! Thank you for reporting this. I've fixed git master. The stuff in "deprecated" is not checked by the fuzzer :( |
jcupitt
added a commit
that referenced
this issue
Sep 3, 2019
we were reading an uninited string in a vips7 compatibility wrapper, thanks yifengchen-cc see #1419
|
It looks like this has been assigned CVE-2020-20739. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-20739 There's no severity listed, but I imagine usage in the wild of this deprecated code path will be very low. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/libvips/libvips/deprecated/im_vips2dz.c:79
When the output file does not contain a ":",the uninitialization of the mode causes the stack information to leak.
This may cause the leakage of remote server path.
$./vips im_vips2dz /home/ivan/miniproject/libvips/tools/.libs/th.vips th.dzim_vips2dz: enum 'VipsForeignDzLayout' has no member 'roject/libvips/tools/.libs/th.vips', should be one of: dz, zoomify, googleThe text was updated successfully, but these errors were encountered: