Memory Corruption Vulnerability in libvips by libvips Project
CVE-2026-3145

4.8MEDIUM

Key Information:

Vendor

libvips Project

Status
Libvips
Vendor
CVE Published:
25 February 2026

What is CVE-2026-3145?

A memory corruption issue has been identified in libvips, specifically within the vips_foreign_load_matrix_file_is_a and vips_foreign_load_matrix_header functions in matrixload.c. This vulnerability can be exploited through local manipulation, potentially leading to severe consequences for the integrity of the application. It is crucial to apply the patch referenced in commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece to mitigate this risk and ensure system stability.

Affected Version(s)

libvips 8.0

libvips 8.1

libvips 8.2

References

https://vuldb.com/?id.347651
vdb-entrytechnical-description
https://vuldb.com/?ctiid.347651
signaturepermissions-required
https://vuldb.com/?submit.758690
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Niebelungen (VulDB User)
.