What is the severity of USN-6437-1?

The severity of USN-6437-1 is moderate.

How does USN-6437-1 affect Ubuntu 22.04?

USN-6437-1 does not affect Ubuntu 22.04.

How does USN-6437-1 affect Ubuntu 18.04?

USN-6437-1 affects Ubuntu 18.04.

How do I fix USN-6437-1 in Ubuntu 18.04?

To fix USN-6437-1 in Ubuntu 18.04, update to version 8.4.5-1ubuntu0.1~esm1 or later.

Are there any references for USN-6437-1?

Yes, there are references for USN-6437-1. You can find them at these links: [CVE-2020-20739](https://ubuntu.com/security/CVE-2020-20739), [CVE-2018-7998](https://ubuntu.com/security/CVE-2018-7998), [CVE-2019-6976](https://ubuntu.com/security/CVE-2019-6976).

Vulnerability/
USN-6437-1

CWE

369

18/10/2023

USN-6437-1: VIPS vulnerabilities

First published: Wed Oct 18 2023(Updated: )

Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2018-7998) It was discovered that VIPS did not properly handle uninitialized memory locations when processing corrupted input image data. An attacker could possibly use this issue to generate output images that expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-6976) It was discovered that VIPS did not properly manage memory due to an uninitialized variable. If a user or automated system were tricked into processing a specially crafted output file, an attacker could possibly use this issue to expose sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2020-20739) It was discovered that VIPS could be made to divide by zero in multiple funcions. If a user or automated system were tricked into processing a specially crafted image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2021-27847) It was discovered that VIPS did not properly handle certain input files that contained malformed UTF-8 characters. If a user or automated system were tricked into processing a specially crafted SVG image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-40032)

Affected Software	Affected Version	How to fix
All of
ubuntu/gir1.2-vips-8.0	<8.12.1-1ubuntu0.1~esm1	8.12.1-1ubuntu0.1~esm1
Ubuntu Linux	=22.04
All of
ubuntu/libvips-tools	<8.12.1-1ubuntu0.1~esm1	8.12.1-1ubuntu0.1~esm1
Ubuntu Linux	=22.04
All of
ubuntu/libvips42	<8.12.1-1ubuntu0.1~esm1	8.12.1-1ubuntu0.1~esm1
Ubuntu Linux	=22.04
All of
ubuntu/gir1.2-vips-8.0	<8.4.5-1ubuntu0.1~esm1	8.4.5-1ubuntu0.1~esm1
Ubuntu Linux	=18.04
All of
ubuntu/libvips-tools	<8.4.5-1ubuntu0.1~esm1	8.4.5-1ubuntu0.1~esm1
Ubuntu Linux	=18.04
All of
ubuntu/libvips42	<8.4.5-1ubuntu0.1~esm1	8.4.5-1ubuntu0.1~esm1
Ubuntu Linux	=18.04
All of
ubuntu/python-vipscc	<8.4.5-1ubuntu0.1~esm1	8.4.5-1ubuntu0.1~esm1
Ubuntu Linux	=18.04
All of
ubuntu/gir1.2-vips-8.0	<8.2.2-1ubuntu0.1~esm1	8.2.2-1ubuntu0.1~esm1
Ubuntu Linux	=16.04
All of
ubuntu/libvips-tools	<8.2.2-1ubuntu0.1~esm1	8.2.2-1ubuntu0.1~esm1
Ubuntu Linux	=16.04
All of
ubuntu/libvips42	<8.2.2-1ubuntu0.1~esm1	8.2.2-1ubuntu0.1~esm1
Ubuntu Linux	=16.04
All of
ubuntu/python-vipscc	<8.2.2-1ubuntu0.1~esm1	8.2.2-1ubuntu0.1~esm1
Ubuntu Linux	=16.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the severity of USN-6437-1?
The severity of USN-6437-1 is moderate.
How does USN-6437-1 affect Ubuntu 22.04?
USN-6437-1 does not affect Ubuntu 22.04.
How does USN-6437-1 affect Ubuntu 18.04?
USN-6437-1 affects Ubuntu 18.04.
How do I fix USN-6437-1 in Ubuntu 18.04?
To fix USN-6437-1 in Ubuntu 18.04, update to version 8.4.5-1ubuntu0.1~esm1 or later.
Are there any references for USN-6437-1?
Yes, there are references for USN-6437-1. You can find them at these links: [CVE-2020-20739](https://ubuntu.com/security/CVE-2020-20739), [CVE-2018-7998](https://ubuntu.com/security/CVE-2018-7998), [CVE-2019-6976](https://ubuntu.com/security/CVE-2019-6976).

agent/references
agent/severity
agent/type
agent/first-publish-date
agent/last-modified-date
agent/softwarecombine
agent/weakness
agent/title
agent/description
agent/event
agent/trending
agent/source
agent/tags
collector/usn
source/Ubuntu
agent/software-canonical-lookup
agent/software-canonical-lookup-request
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu linux
version/ubuntu linux/22.04
version/ubuntu linux/18.04
version/ubuntu linux/16.04