Vulnerability CVE-2023-40032

Vulnerability CVE-2023-40032

Published: 2023-09-11

Description:

libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.

Type:

CWE-476

(NULL Pointer Dereference)

References:

https://github.com/libvips/libvips/commit/e091d65835966ef56d53a4105a7362cafdb1582b

https://github.com/libvips/libvips/security/advisories/GHSA-33qp-9pq7-9584

https://github.com/libvips/libvips/pull/3604

Copyright 2026, cxsecurity.com