PT-2026-22287 · Libvips · Libvips

Niebelungen · Published 2026-02-27 · Updated 2026-03-02 · CVE-2026-3283

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libvips version 8.19.0

Description

A flaw exists in libvips 8.19.0 within the vips_extract_band_build function, located in the libvips/conversion/extract.c file. Manipulation of the extract band argument can lead to an out-of-bounds read. Local execution is required for exploitation. The patch identifier is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. The exploit has been publicly disclosed.

Recommendations

Deploy the patch with identifier 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-3283

Affected Products

Libvips