PT-2026-22288 · Libvips · Libvips

Niebelungen

Published

2026-02-27

Updated

2026-03-02

CVE-2026-3284

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions libvips version 8.19.0

Description A flaw exists in libvips 8.19.0 within the vips extract area build function, located in the libvips/conversion/extract.c file. Manipulation of the extract area argument can lead to an integer overflow. Exploitation requires local access. An exploit for this issue has been publicly released.

Recommendations Implement the patch identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70 to resolve this issue.

Exploit

Fix

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-189

Related Identifiers

CVE-2026-3284

Affected Products

Libvips

PT-2026-22288 · Libvips · Libvips

CVE-2026-3284

Weakness Enumeration

Related Identifiers

Affected Products

References · 19