Unrated severityNVD Advisory· Published Feb 25, 2026· Updated Feb 25, 2026
libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference
CVE-2026-3146
Description
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords8 versionspkg:apk/chainguard/libvipspkg:apk/chainguard/libvips-8.17pkg:apk/chainguard/libvips-devpkg:apk/chainguard/libvips-docpkg:apk/wolfi/libvipspkg:apk/wolfi/libvips-8.17pkg:apk/wolfi/libvips-devpkg:apk/wolfi/libvips-doc
< 8.18.0-r3+ 7 more
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.17.3-r1
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.17.3-r1
- (no CPE)range: < 8.18.0-r3
- (no CPE)range: < 8.18.0-r3
Patches
Vulnerability mechanics
References
6- github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ecemitrepatch
- github.com/libvips/libvips/pull/4888mitreissue-trackingpatch
- vuldb.commitrethird-party-advisory
- github.com/libvips/libvips/issues/4875mitreissue-tracking
- vuldb.commitresignaturepermissions-required
- vuldb.commitrevdb-entrytechnical-description
News mentions
0No linked articles in our index yet.