PT-2026-22285 · Libvips · Libvips

Niebelungen · Published 2026-02-27 · Updated 2026-02-27 · CVE-2026-3281

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: libvips version 8.19.0

Description: A flaw exists in libvips that involves a heap-based buffer overflow. This occurs in the vips_bandrank_build function within the libvips/conversion/bandrank.c file when the index argument is manipulated. The issue can be exploited locally. The exploit is publicly available.

Recommendations: Install the patch fd28c5463697712cb0ab116a2c55e4f4d92c4088 to address this issue.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-3281

Affected Products

Libvips