PT-2026-33455 · Libvips · Libvips
Biniam · Published 2026-04-17 · Updated 2026-04-20 · CVE-2026-6491
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
libvips versions prior to 8.19
Description
A heap-based buffer overflow exists in the nip2 Handler component, in the im_minpos_vec() function of the file libvips/deprecated/vips7compat.c. The issue occurs when the argument n is manipulated, which leads to memory corruption. Exploitation requires local access.
Recommendations
Update to version 8.19 or later to remove the deprecated area containing the vulnerable function.
Exploit
Fix
Buffer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Libvips