-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5915-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
May 03, 2025                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : vips
CVE ID         : CVE-2025-29769

A heap-based buffer overflow vulnerability was discovered in vips, an
fast image processing library designed with efficiency in mind, which
may result in denial of service (application crash) if a specially
crafted TIFF image file is processed.

For the stable distribution (bookworm), this problem has been fixed in
version 8.14.1-3+deb12u2.

We recommend that you upgrade your vips packages.

For the detailed security status of vips please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/vips

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmgVquVfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0RVTw//WG9GuyGDgmPI1TK0fL5GZR4r/rdKjGOcTcD1rc0hVkc5Aq8r8z5HUEC4
abiQwmUafP4o6gxKZKLIx0RhyweELUb/lvul0E8kZYhBH/teCWzabcCPHpXJauU5
Zuq/zYpuN9pS67nNx4yGqc2gW4r+1p7DS6d+qY2qCfrwxrw1M3OnpGYeNTJ46N7O
c6XZ1FX72qXlqwp6GTKQKuRCHfuRVTqKs/nyS4/f+KcJeQkwhLqhLW5KOZ025AUV
rwbunBxdabV9AMxNaCPGiRWCwQx1cFaJd/7xpi84NEMVDS1xjkcTk0MznfqcBcTC
P0vfUWMC1lN4gC5UiXbywYC18E3nGKaGYfUX6uAPV9KhqSJFKMPoFmFjkOEY1ITU
wbuRSVIcuWYHmkYd7GC3TSbP08vyTQZ0TTVzEU860Y8/6l0ZG+B+w66EDjU4ye0V
ToDIpnrvUbT2QfhPnuSHqDzNkOSZm9wTjQ9DqkoR4asNprEpd+ZO1jBGWUj4hyEc
+Zm/iQxl8NHSNxunPhan+NpyTBqFYC84nyNKJAgGp+vYVSxQhoZHymFnY22GsyKk
+SOpKJzvjZKwQG07Q70caHwIcJcWpv8FBHyT8iurI2uPwxa2W/zxcvhOxIkC92wl
qsO5IR/L5TQeSvj4jWA6vtFw2P+5g93tZkNZ8ja/4ZvjwxDlqNY=Rtes
-----END PGP SIGNATURE-----