Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.5
libvips Crashes with Bad Image Files
CVE-2026-3146
Summary
libvips, a library used to process images, can crash when given a specially crafted image file. This can cause problems for applications that rely on libvips. To fix this, update libvips to a newer version that includes the necessary patch.
Original title
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null...
Original description
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.
osv CVSS3.1
5.5
- https://github.com/libvips/libvips/ URL
- https://vuldb.com/?id.347652 Vendor Advisory
- https://vuldb.com/?submit.758691 Vendor Advisory
- https://github.com/libvips/libvips/issues/4875 Third Party Advisory
- https://vuldb.com/?ctiid.347652 Third Party Advisory
- https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6e... Patch
- https://github.com/libvips/libvips/pull/4888 Patch
Published: 25 Feb 2026 · Updated: 13 Mar 2026 · First seen: 13 Mar 2026