CVE-2026-3281
Received Received - Intake
Heap-Based Buffer Overflow in libvips vips_bandrank_build Function

Publication date: 2026-02-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-04-29
Generated
2026-05-07
AI Q&A
2026-02-27
EPSS Evaluated
2026-05-05
NVD
CVE-2026-3281
EUVD
EUVD-2026-8985
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libvips libvips 8.19.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in libvips version 8.19.0, specifically in the function vips_bandrank_build located in the file libvips/conversion/bandrank.c.

It is caused by manipulation of the argument 'index' which leads to a heap-based buffer overflow.

The attack exploiting this vulnerability must be initiated locally.

A patch has been released to fix this issue.


How can this vulnerability impact me? :

Exploiting this vulnerability can cause a heap-based buffer overflow, which may lead to unexpected behavior such as application crashes or potential execution of arbitrary code.

Since the attack requires local access, an attacker would need to have some level of access to the system to exploit it.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The suggested immediate step to mitigate this vulnerability is to install the patch named fd28c5463697712cb0ab116a2c55e4f4d92c4088 that addresses the issue.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart