CVE-2026-3145
Received Received - Intake
Memory Corruption in libvips Matrix Load Functions (Local Attack

Publication date: 2026-02-25

Last updated on: 2026-02-25

Assigner: VulDB

Description
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-25
Last Modified
2026-02-25
Generated
2026-06-16
AI Q&A
2026-02-25
EPSS Evaluated
2026-06-14
NVD
CVE-2026-3145
EUVD
EUVD-2026-8586
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libvips libvips to 8.18.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Impact Analysis

This vulnerability can lead to memory corruption, which may cause the affected application using libvips to crash or behave unpredictably. Since the flaw involves a stack buffer overflow, it could potentially be exploited to execute arbitrary code or escalate privileges, although exploitation requires local access.

The impact includes compromise of confidentiality, integrity, and availability of the system running the vulnerable libvips version. Attackers with local access could manipulate inputs to trigger this flaw, leading to denial of service or other security breaches.

Executive Summary

CVE-2026-3145 is a memory corruption vulnerability in the libvips image processing library, specifically in the functions vips_foreign_load_matrix_file_is_a and vips_foreign_load_matrix_header within the file libvips/foreign/matrixload.c. The flaw arises from improper handling of input data, particularly due to an incorrect signed-to-unsigned integer conversion when reading matrix files. When a read error occurs, a signed return value of -1 is incorrectly stored in an unsigned variable, causing an out-of-bounds write (stack buffer overflow) that can corrupt memory.

This vulnerability can be triggered locally by manipulating the input to the matrix loading functions, leading to potential crashes or other security issues. A patch has been released that adds input validation to prevent empty or excessively large inputs and corrects the data type handling to avoid this memory corruption.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a local memory corruption issue in libvips related to the matrixload functions. Detection involves checking the version of libvips installed and monitoring for crashes or stack-buffer-overflow errors during matrix file processing.

You can detect vulnerable versions by running the following command to check the libvips version:

  • vips --version

If the version is up to 8.18.0, it is vulnerable. Additionally, running libvips with AddressSanitizer (ASAN) enabled during matrix file loading operations can reveal stack-buffer-overflow errors indicative of this vulnerability.

No specific network detection commands are applicable since the attack requires local execution.

Mitigation Strategies

The primary mitigation step is to apply the patch identified by commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece, which fixes the vulnerability by adding input validation and correcting the signed-to-unsigned integer conversion.

If updating immediately is not possible, restrict local access to systems running vulnerable libvips versions to prevent exploitation.

Monitor for any crashes or unusual behavior in applications using libvips, especially when processing matrix files.

Upgrade libvips to version 8.19.0 or later, where the fix has been merged and tested.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-3145. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart