Bug#598296: libvips-tools: CVE-2010-3364: insecure library loading

2010-10-02 Thread Jay Berkenbilt
forwarded 598296 thanks

> Vulnerable code follows:
>
> /usr/bin/vips-7.22 line 108:
> export LD_LIBRARY_PATH=$VIPSHOME/lib:$LD_LIBRARY_PATH
>
> When there's an empty item on the colon-separated list of
> LD_LIBRARY_PATH, ld.so treats it as '.' (i.e. CWD/$PWD.)
> If the given script is execu
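
Added example, not part of the bug report or of the vips package: it shows why the quoted export leaves an empty list element when LD_LIBRARY_PATH is unset, next to a prepend that does not, plus a check for empty elements. The path /opt/vips/lib (standing in for $VIPSHOME/lib) and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added example with constructed values; /opt/vips/lib stands in for $VIPSHOME/lib.

# has_empty_entry LIST: succeed if a colon-separated search path contains an
# empty element (leading, trailing or doubled colon), which ld.so treats as '.'.
has_empty_entry() {
    case "$1" in
        '') return 1 ;;             # nothing to split
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Pattern from the report: the ':' is emitted even when the old value is empty.
prepend_unsafe() { printf '%s\n' "$1:$2"; }

# Hardened prepend: the separator is emitted only when the old value is non-empty.
prepend_safe() { printf '%s\n' "$1${2:+:$2}"; }

# strip_empty LIST: drop empty elements from an inherited list.
# The body runs in a subshell so the IFS and globbing changes do not leak.
strip_empty() (
    IFS=:; set -f; out=''
    for d in $1; do
        if [ -n "$d" ]; then out="${out:+$out:}$d"; fi
    done
    printf '%s\n' "$out"
)

# Demo: the caller's LD_LIBRARY_PATH is unset, so the old value is empty.
for candidate in "$(prepend_unsafe /opt/vips/lib '')" \
                 "$(prepend_safe /opt/vips/lib '')"; do
    if has_empty_entry "$candidate"; then
        echo "UNSAFE: '$candidate' contains an empty entry (searched as CWD)"
    else
        echo "ok:     '$candidate'"
    fi
done
```

prepend_safe only avoids introducing a new empty element; an inherited value that already contains one should be passed through strip_empty first.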

Bug#598296: libvips-tools: CVE-2010-3364: insecure library loading

2010-09-27 Thread Raphael Geissert
Package: libvips-tools
Version: 7.22.2-2+b1
Severity: grave
Tags: security
User: t...@security.debian.org
Usertags: ldpath

Hello,

During a review of the Debian archive, I've found your package to contain a script that can be abused by an attacker to execute arbitrary code. The vulnerability is i