im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.
The product does not initialize a critical resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Libvips | Libvips | * | 8.8.2 (excluding) |
Vips | Ubuntu | bionic | * |
Vips | Ubuntu | esm-apps/bionic | * |
Vips | Ubuntu | esm-apps/xenial | * |
Vips | Ubuntu | trusty | * |
Vips | Ubuntu | upstream | * |
Vips | Ubuntu | xenial | * |