Libvips: Large File Processing Can Crash System

CVE-2026-2913
Summary

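A bug in libvips affects how it handles large files. If a very big file is processed, it could cause the system to crash. Specifically, the issue is a heap-based buffer overflow in the function vips_source_read_to_memory which, according to the bugfix confirmation, only affects custom seekable sources larger than 4 GiB. This is unlikely to happen with normal use, but it's a good idea to update to the latest version to be safe.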

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
Vendor | Product | Affected versions | Fix available
libvips | libvips | <= 8.19.0 | –
Original title
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buf...
Original description
A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. Patch name: a56feecbe9ed66521d9647ec9fbcd2546eccd7ee. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."
NVD CVSS 2.0: 1.0
NVD CVSS 3.1: 7.0
NVD CVSS 4.0: 2.0
Vulnerability type
CWE-119 Buffer Overflow
CWE-122 Heap-based Buffer Overflow
Published: 22 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026