CVE-2026-3147

Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.18.0

Description A flaw exists in libvips, specifically within the vips foreign load csv build function located in the libvips/foreign/csvload.c file. This issue can lead to a heap-based buffer overflow. Local access is required for exploitation. The vulnerability has been publicly disclosed.

Recommendations Apply the patch identified as b3ab458a25e0e261cbd1788474bbc763f7435780.