124 matches found
Fedora 43 : vips (2026-3b2ddea116)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-3b2ddea116 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...
Fedora 44 : vips (2026-b9f00ad1b7)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b9f00ad1b7 advisory. - update to v8.18.3 - enable uhdr - fix several security issues Tenable has extracted the preceding description block directly from the Fedora...
CVE-2026-6491
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
CVE-2026-6491 libvips nip2 vips7compat.c im_minpos_vec heap-based overflow
A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached...
libvips 8.19.0 VIPS Image Extraction Crash / Auditor
This Python script performs a comprehensive security and stability audit of the vips image processing binary. It tests the extract_area function using extreme int32 and uint32 values as well as normal ranges to detect crashes, memory corruption, or buffer overflows. The audit automates setup,...
Linux Distros Unpatched Vulnerability : CVE-2026-3281
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation...
CVE-2026-3281
A flaw was found in libvips. A local attacker can exploit a heap-based buffer overflow vulnerability by manipulating the argument index in the vips_bandrank_build function. This can lead to information disclosure, data modification, or denial of service...
Linux Distros Unpatched Vulnerability : CVE-2026-3283
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulatio...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the vips_bandrank_build function. An attacker can execute arbitrary code, cause a denial of service, or potentially escalate privileges by manipulating the index argument to trigger a heap-based buffer...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read via the vips_extract_band_build function. An attacker can access sensitive information by supplying crafted arguments to trigger an out-of-bounds read. Remediation A fix was pushed into the master branch but not yet...
DEBIAN-CVE-2026-3282
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
CVE-2026-3283
A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to th...
CVE-2026-3282
A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been...
UBUNTU-CVE-2026-3284
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...
CVE-2026-3284 libvips extract.c vips_extract_area_build integer overflow
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...
CVE-2026-3284
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used...
CVE-2026-3283
CVE-2026-3283 affects libvips 8.19.0, specifically the vips_extract_band_build function in libvips/conversion/extract.c. The issue arises from manipulation of the extract_band argument, leading to an out-of-bounds read. Exploitation is described as local, with public disclosure of the exploit. A ...
CVE-2026-3282
The CVE-2026-3282 entry affects libvips 8.19.0, specifically the vips_unpremultiply_build function in libvips/conversion/unpremultiply.c. The vulnerability arises when manipulating the alpha_band argument, which can cause an out-of-bounds read. Exploitation is described as local, and multiple sou...
DEBIAN-CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...
UBUNTU-CVE-2026-3281
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now publ...