
Libvips Integer Overflow in Local File Exports

CVE-2026-3284
Summary

A bug in libvips 8.19.0 can cause an integer overflow when processing certain file exports. The affected function is vips_extract_area_build in libvips/conversion/extract.c, and the overflow is triggered by manipulating the extract_area argument. Exploitation requires local access. The vulnerability and an exploit have been publicly disclosed, and a patch is available. Affected users should update to the patched version to prevent potential exploitation.

What to do

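No fixed version is listed for this entry yet. The upstream patch is identified as commit 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70; check with your software vendor for an update that includes it.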

Affected software
Vendor | Product | Affected versions | Fix available
libvips | libvips | 8.19.0 | –
Original title
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in inte...
Original description
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.
NVD CVSS 2.0: 1.7
NVD CVSS 3.1: 5.5
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-189
CWE-190 Integer Overflow
Published: 27 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026