CVE-2026-3284
Received Received - Intake
Integer Overflow in libvips vips_extract_area_build Function

Publication date: 2026-02-27

Last updated on: 2026-04-29

Assigner: VulDB

Description
A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-27
Last Modified
2026-04-29
Generated
2026-05-06
AI Q&A
2026-02-27
EPSS Evaluated
2026-05-05
NVD
CVE-2026-3284
EUVD
EUVD-2026-8991
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
libvips libvips 8.19.0
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-190 The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
CWE-189
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in libvips version 8.19.0, specifically in the function vips_extract_area_build within the file libvips/conversion/extract.c. It is caused by the improper manipulation of the argument extract_area, which leads to an integer overflow.

An attacker with local access can exploit this flaw. The vulnerability has been publicly disclosed, and a patch has been made available to fix the issue.


How can this vulnerability impact me? :

The vulnerability can cause an integer overflow, which may lead to a denial of service or other unintended behavior affecting availability.

Since the attack requires local access, the impact is limited to users or processes with local privileges.

The CVSS scores indicate a low to moderate impact, primarily affecting availability without compromising confidentiality or integrity.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The vulnerability can be mitigated by applying the patch identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70 to the affected libvips version.

Since the attack requires local access, limiting local user privileges and access can also reduce risk.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart