CVE-2026-3281

Name of the Vulnerable Software and Affected Versions libvips version 8.19.0

Description A flaw exists in libvips that involves a heap-based buffer overflow. This occurs in the vips bandrank build function within the libvips/conversion/bandrank.c file when the index argument is manipulated. The issue can be exploited locally. The exploit is publicly available.

Recommendations Install the patch fd28c5463697712cb0ab116a2c55e4f4d92c4088 to address this issue.