CVE-2026-3145

Summary

A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.

Affected Software

VendorProductVersion RangeStatus
n/alibvips8.0affected
n/alibvips8.1affected
n/alibvips8.2affected
n/alibvips8.3affected
n/alibvips8.4affected
n/alibvips8.5affected
n/alibvips8.6affected
n/alibvips8.7affected
n/alibvips8.8affected
n/alibvips8.9affected
n/alibvips8.10affected
n/alibvips8.11affected
n/alibvips8.12affected
n/alibvips8.13affected
n/alibvips8.14affected
n/alibvips8.15affected
n/alibvips8.16affected
n/alibvips8.17affected
n/alibvips8.18.0affected

Weaknesses

  • CWE-119: Memory Corruption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References