PT-2026-21413 · Libvips · Libvips

Niebelungen · Published 2026-02-22 · Updated 2026-02-22 · CVE-2026-2913

CVSS v3.1: 7.0 High

Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

libvips versions prior to 8.19.0

Description

A heap-based buffer overflow exists in the vips_source_read_to_memory function within the libvips/iofuncs/source.c file. The issue is triggered by a manipulation that can be launched locally. The exploitability is described as difficult. The impact of this issue is negligible, as it only affects custom seekable sources larger than 4 GiB, and the crash occurs in user code rather than libvips itself.

Recommendations

Apply patch a56feecbe9ed66521d9647ec9fbcd2546eccd7ee.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-2913

Affected Products

Libvips