PT-2026-22286 · Libvips · Libvips
Niebelungen · Published 2026-02-27 · Updated 2026-02-27 · CVE-2026-3282
CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
libvips version 8.19.0
Description
A flaw exists in libvips 8.19.0 within the vips_unpremultiply_build function located in the libvips/conversion/unpremultiply.c file. Manipulation of the alpha_band argument can result in an out-of-bounds read. The attack requires local access. An exploit has been published and is potentially usable.
Recommendations
Apply patch 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91.
Exploit
Fix
Out of bounds Read
Buffer Overflow
Affected products
Libvips