PT-2026-21863 · Libvips · Libvips
Niebelungen
·
Published
2026-02-25
·
Updated
2026-02-25
·
CVE-2026-3147
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
libvips versions prior to 8.18.0
Description
A flaw exists in libvips, specifically within the
vips foreign load csv build function located in the libvips/foreign/csvload.c file. This issue can lead to a heap-based buffer overflow. Local access is required for exploitation. The vulnerability has been publicly disclosed.Recommendations
Apply the patch identified as b3ab458a25e0e261cbd1788474bbc763f7435780.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libvips