libvips/nip2

Releases12

Frequency10 months 4 days

Last Release over 3 years ago

Stars429

A spreadsheet-like GUI for libvips.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2017-17514 ↗	Dec 14, 2017Thursday, 14 December 2017, 16:29	8.8 HIGH	6.8 MEDIUM
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable