Source: vips Version: 8.7.4-1 Severity: important Tags: security upstream Hi,
The following vulnerability was published for vips. CVE-2019-17534[0]: | vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips | before 8.8.2 tries to access a color map before a DGifGetImageDesc | call, leading to a use-after-free. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-17534 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17534 [1] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=16796 [2] https://github.com/libvips/libvips/commit/ce684dd008532ea0bf9d4a1d89bacb35f4a83f4d Please adjust the affected versions in the BTS as needed. Regards, Salvatore