CVE-2023-40032

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Published Sep 11, 2023

Updated: Jan 29, 2024

CWE ID 476

Summary

CVE-2023-40032 is a newly disclosed vulnerability affecting libvips, a popular image processing library. Malformed UTF-8 characters within SVG input can cause libvips versions 8.14.3 and earlier to experience a segfault. This issue stems from the library's parsing process and poses a risk particularly when processing untrusted input. Users are advised to upgrade to libvips version 8.14.4 or later to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/sQ8bEf
https://www.cve.org/CVERecord?id=CVE-2023-40032
https://nvd.nist.gov/vuln/detail/CVE-2023-40032

Back to Vulnerability Database

CVE-2023-40032

CVSS 3.1 Score 5.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations