Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026
libvips matrixload.c vips_foreign_load_matrix_header memory corruption
CVE-2026-3145
Description
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords8 versionspkg:apk/chainguard/libvipspkg:apk/chainguard/libvips-8.17pkg:apk/chainguard/libvips-devpkg:apk/chainguard/libvips-docpkg:apk/wolfi/libvipspkg:apk/wolfi/libvips-8.17pkg:apk/wolfi/libvips-devpkg:apk/wolfi/libvips-doc
< 8.18.0-r3+ 7 more
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.17.3-r1
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.17.3-r1
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
Patches
Vulnerability mechanics
References
6- github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ecemitrepatch
- github.com/libvips/libvips/pull/4888mitreissue-trackingpatch
- vuldb.commitrethird-party-advisory
- github.com/libvips/libvips/issues/4876mitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.