CVE-2026-3145 - Vulnerability Analysis

Overview

libvips <= 8.18.0 contains a memory corruption vulnerability caused by improper handling in vips_foreign_load_matrix_file_is_a and vips_foreign_load_matrix_header functions, letting local attackers cause memory corruption, exploit requires local access.

Severity & Score

Impact

Local attackers can cause memory corruption, potentially leading to application crashes or code execution.

Mitigation

Apply the patch d4ce337c76bff1b278d7085c3c4f4725e3aa6ece or update to a version later than 8.18.0.

References

• https://vuldb.com/?id.347651
• https://vuldb.com/?submit.758690
• https://github.com/libvips/libvips/
• https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece
• https://github.com/libvips/libvips/issues/4876
• https://github.com/libvips/libvips/pull/4888
• https://vuldb.com/?ctiid.347651

Related Resources

• Vulnerability Intelligence Dashboard
• Credential Scanner