Skip to content



Folders and files

Last commit message
Last commit date

Latest commit



6 Commits

Repository files navigation

Testing environment for CVE-2019-6976

This repository contains all the files and information to set up an environment with the vulnerable libvips library to play around with CVE-2019-6976.

The main purpose of this image is to provide a testing environment for the entropy calculator Upload Scanner addon. (

Set up

You can use the following docker command to pull down the docker image:

docker pull tare05/libvipsvuln:latest

After the image is downloaded, start the docker container:

docker run -p 8085:8085 tare05/libvipsvuln

This command will start the docker container with a vulnerable python server listening on your machine at port 8085.

The container runs in a while true loop as a workaround to restart the python server if it crashes from memory corruption, so in order to shut down the container use the following command:

docker kill <Container ID>

File descriptions


This is the Dockerfile which was used to build the docker image.


This contains all the neccessary modules for the python server on the docker container.

Creates a while loop which continuously restarts the python server whenever it crashes.

Code for the python server.

Build your own image

To tweak around or customize the docker image simply do a git clone to this repo

git clone

make the neccessary changes to the Dockerfile/ or whatever you want, and rebuild the docker image with the following command:

docker build --tag=<your tag> .

and stat the newly created container.


This repo describes how to set up a test envitoment with a vulnerable libvips application, to test the entropy calculator UploadScanner addon.






No releases published


No packages published


  • Python 81.9%
  • Dockerfile 16.1%
  • Shell 2.0%