-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : vips Version : 7.28.5-1+deb7u2 CVE ID : CVE-2018-7998 Debian Bug : #892589
It was discovered that there was NULL function pointer dereference vulnerability in vips, an image processing system for very large images. Remote attackers could cause a denial of service via a specially-crafted image file which occurred due to a race condition involving a failed image load and other worker threads. For Debian 7 "Wheezy", this issue has been fixed in vips version 7.28.5-1+deb7u2. We recommend that you upgrade your vips packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlqlbGkACgkQHpU+J9Qx HlhlZg/+JARD0ct7/CwIsXKXI61vTZQUDcH843W4TWoTu9fyQgU4BAga4e79I2Dc hltsrkTglAgdQWSc+G0pt+ajFs85481TFVh9hq2QHLzc61ttHudcL/5RSs1HD/lr x/ek7rIP8J8LUegB383SwhCWZrOJnnPb96/B9clo/BoZqeB6WWvopgerlJOEV8ZF xd8WjupcxgWozb3/f9DS4ALdZbsxf8aXzrtG6DvRLFsUWLJp5CVj7MPsMRiUgPVm RidF8Na6oTcfFvGP6s6KC9Lccd8Wy+FYryBXhBL9Hyg/Y59rvyIMhM1y04PR1a1U 4ze0JDTzECuDoTTZmlSQCdjjHFqg4lWLF/D0C97JdLG+vObvAfmnLv20GXRVRPfl c17/A9ojmKpqjOq4EpsZ8y2iKG5l2Qhsh05ey6nnecXN2fBhWWYJFc3sqCyeuMYk q2t53OkVEE7OyfIC7pRWoN5jETj+OzN3N9LCCv2KC2ZZs549UwYt+O1cfFmwfLNh iL7GMvQ3iILEGXMQvekJWvYl16Na1AUStgJ6feDBds7pSt3jx/c+8pPXMGDVn+HE Gdm9z34zlsuUNdh28EDmfzh4rfX9t/fq7duYBX9OK893MNRNPpgKExmPbmHJXXAG Btfkh8laF5AkCr0BBuuZscv9LZj458XYlyfhqHkx8agutt5o47g= =zP5x -----END PGP SIGNATURE-----