PT-2025-39910 · Libvips+3

N0Zom1Z0 · Published 2025-09-29 · Updated 2025-12-24 · CVE-2025-59933

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libvips versions 8.17.1 and earlier

Description: libvips is an image processing library. When compiled with PDF input support via poppler, versions 8.17.1 and below are susceptible to a buffer read overflow during PDF header parsing when processing a crafted PDF file lacking a height definition. Users compiling libvips without PDF input support or utilizing PDFium for PDF input are not affected. The issue is addressed in version 8.17.2. The pdfload operation is specifically impacted.

Recommendations: Update to version 8.17.2 or later. Block the VipsForeignLoadPdf operation using vips_operation_block_set. Set the VIPS_BLOCK_UNTRUSTED environment variable at runtime.

Exploit

Fix

Weakness Enumeration
Buffer Over-read

Related Identifiers
CVE-2025-59933
GHSA-Q8PX-4W5Q-C2R4

Affected Products

Debian
Pdfium
Libvips
Poppler