
libvips: Local attackers can corrupt system memory with malicious files

CVE-2026-3145
Summary

libvips, an image processing library, has a memory corruption bug in its matrix file loader (libvips/foreign/matrixload.c). An attacker with local access to the system can trigger it with a manipulated file, which could lead to a crash or other security issues. To fix the problem, update libvips to the latest version.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| libvips | libvips | <= 8.18.0 | – |
Original title
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Exec...
Original description
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.
NVD CVSS 2.0: 4.3
NVD CVSS 3.1: 7.8
NVD CVSS 4.0: 4.8
Vulnerability type
CWE-119 Buffer Overflow
Published: 25 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026