Bug 2400373 (CVE-2025-59933)
| Summary: | CVE-2025-59933 libvips: libvips Buffer Over-Read | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | --- |
| Doc Text: | A buffer over-read flaw has been discovered in libvips. For those using libvips compiled with support for PDF input via poppler, the `pdfload` operation is affected by a buffer over-read when parsing the header of a crafted PDF with a page that defines a width but not a height. Processing of such an image halts very shortly after the over-read, and no output is generated. It is not possible for a consuming application to access the over-read memory area. Those using libvips compiled without support for PDF input are unaffected. Those using libvips compiled with support for PDF input via PDFium are unaffected. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2401081 | | |
| Bug Blocks: | | | |

Description

OSIDB Bzimport, 2025-09-29 23:01:37 UTC