libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | < fb1a3132ee1ac968316e45d21a48703a6db0b6c3 |
| n/a | n/a | < c3059d58f79fdfb2201249c2741514e34562b547 |