CVE-2026-3145
Memory Corruption in libvips Matrix Load Functions (Local Attack
Publication date: 2026-02-25
Last updated on: 2026-02-25
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| libvips | libvips | to 8.18.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-3145 is a memory corruption vulnerability in the libvips image processing library, specifically in the functions vips_foreign_load_matrix_file_is_a and vips_foreign_load_matrix_header within the file libvips/foreign/matrixload.c. The flaw arises from improper handling of input data, particularly due to an incorrect signed-to-unsigned integer conversion when reading matrix files. When a read error occurs, a signed return value of -1 is incorrectly stored in an unsigned variable, causing an out-of-bounds write (stack buffer overflow) that can corrupt memory.
This vulnerability can be triggered locally by manipulating the input to the matrix loading functions, leading to potential crashes or other security issues. A patch has been released that adds input validation to prevent empty or excessively large inputs and corrects the data type handling to avoid this memory corruption.
How can this vulnerability impact me? :
This vulnerability can lead to memory corruption, which may cause the affected application using libvips to crash or behave unpredictably. Since the flaw involves a stack buffer overflow, it could potentially be exploited to execute arbitrary code or escalate privileges, although exploitation requires local access.
The impact includes compromise of confidentiality, integrity, and availability of the system running the vulnerable libvips version. Attackers with local access could manipulate inputs to trigger this flaw, leading to denial of service or other security breaches.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local memory corruption issue in libvips related to the matrixload functions. Detection involves checking the version of libvips installed and monitoring for crashes or stack-buffer-overflow errors during matrix file processing.
You can detect vulnerable versions by running the following command to check the libvips version:
- vips --version
If the version is up to 8.18.0, it is vulnerable. Additionally, running libvips with AddressSanitizer (ASAN) enabled during matrix file loading operations can reveal stack-buffer-overflow errors indicative of this vulnerability.
No specific network detection commands are applicable since the attack requires local execution.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to apply the patch identified by commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece, which fixes the vulnerability by adding input validation and correcting the signed-to-unsigned integer conversion.
If updating immediately is not possible, restrict local access to systems running vulnerable libvips versions to prevent exploitation.
Monitor for any crashes or unusual behavior in applications using libvips, especially when processing matrix files.
Upgrade libvips to version 8.19.0 or later, where the fix has been merged and tested.