Buffer Read Overflow in libvips Affects PDF Processing Functionality
CVE-2025-59933

5.1MEDIUM

Key Information:

Vendor

Libvips

Status
Libvips
Vendor
CVE Published:
29 September 2025

What is CVE-2025-59933?

The libvips image processing library has a vulnerability affecting its PDF input handling when compiled with poppler support. Specifically, versions 8.17.1 and earlier may experience a buffer read overflow during the pdfload operation when processing a specially crafted PDF file header. This issue arises when the PDF specifies a page width without a corresponding height, potentially leading to unexpected behavior or application crashes. Users of libvips built without PDF input support or using alternative libraries like PDFium remain unaffected. To mitigate this risk, users can block the VipsForeignLoadPdf operation through vips_operation_block_set, or set the VIPS_BLOCK_UNTRUSTED environment variable during runtime to prevent loading untrusted inputs, including PDFs processed via poppler. This vulnerability is addressed in libvips version 8.17.2.

Affected Version(s)

libvips < 8.17.2

References

https://github.com/libvips/libvips/security/advisories/GH...
x_refsource_CONFIRM
https://github.com/libvips/libvips/commit/a58bfae9223a546...
x_refsource_MISC
https://github.com/libvips/libvips/releases/tag/v8.17.2
x_refsource_MISC

CVSS V4

Score:
5.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2025-59933 : Buffer Read Overflow in libvips Affects PDF Processing Functionality