CVE-2023-40032

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 11, 2023
Updated: Jan 29, 2024
CWE ID 476

Summary

CVE-2023-40032 is a newly disclosed vulnerability affecting libvips, a popular image processing library. Malformed UTF-8 characters within SVG input can cause libvips versions 8.14.3 and earlier to experience a segfault. This issue stems from the library's parsing process and poses a risk particularly when processing untrusted input. Users are advised to upgrade to libvips version 8.14.4 or later to mitigate this vulnerability.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share