PT-2026-22286 · Libvips · Libvips

Niebelungen

Published

2026-02-27

Updated

2026-02-27

CVE-2026-3282

CVSS v3.1

7.1

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions libvips version 8.19.0

Description A flaw exists in libvips 8.19.0 within the vips unpremultiply build function located in the libvips/conversion/unpremultiply.c file. Manipulation of the alpha band argument can result in an out-of-bounds read. The attack requires local access. An exploit has been published and is potentially usable.

Recommendations Apply patch 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

CVE-2026-3282

Affected Products

Libvips

PT-2026-22286 · Libvips · Libvips

CVE-2026-3282

Weakness Enumeration

Related Identifiers

Affected Products

References · 18