PT-2026-22287 · Libvips · Libvips

Niebelungen · Published 2026-02-27 · Updated 2026-03-02 · CVE-2026-3283

CVSS v3.1: 7.1 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions
libvips version 8.19.0

Description
A flaw exists in libvips 8.19.0 within the vips_extract_band_build function, located in the libvips/conversion/extract.c file. Manipulation of the extract band argument can lead to an out-of-bounds read. Local execution is required for exploitation. The patch identifier is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. The exploit has been publicly disclosed.

Recommendations
Deploy the patch with identifier 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Weakness Enumeration

Related Identifiers: CVE-2026-3283

Affected Products: Libvips