VYPR

Libvips

by Libvips

CVEs (18)

  • CVE-2026-6491 | Med | Apr 17, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack…

  • CVE-2026-3281 | Med | Feb 27, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The…

  • CVE-2026-3147 | Med | Feb 25, 2026
    risk 0.27 | cvss 5.3 | epss 0.00

    A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and…

  • CVE-2026-3284 | Low | Feb 27, 2026
    risk 0.14 | cvss 3.3 | epss 0.00

    A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made…

  • CVE-2026-2913 | Low | Feb 22, 2026
    risk 0.09 | cvss 2.5 | epss 0.00

    A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's…

  • CVE-2026-3283 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit…

  • CVE-2026-3282 | Feb 27, 2026
    risk 0.00 | cvss | epss 0.00

    A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally.…

  • CVE-2026-3146 | Feb 25, 2026
    risk 0.00 | cvss | epss 0.00

    A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of…

  • CVE-2026-3145 | Feb 25, 2026
    risk 0.00 | cvss | epss 0.00

    A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be…

  • CVE-2025-59933 | Sep 29, 2025
    risk 0.00 | cvss | epss 0.00

    libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a…

  • CVE-2025-29769 | Apr 7, 2025
    risk 0.00 | cvss | epss 0.00

    libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as…

  • CVE-2023-40032 | Sep 11, 2023
    risk 0.00 | cvss | epss 0.00

    libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when…

  • CVE-2021-45928 | Dec 31, 2021
    risk 0.00 | cvss | epss 0.00

    libjxl b02d6b9, as used in libvips 8.11 through 8.11.2 and other products, has an out-of-bounds write in jxl::ModularFrameDecoder::DecodeGroup (called from jxl::FrameDecoder::ProcessACGroup and jxl::ThreadPool::RunCallState<jxl::FrameDecoder::ProcessSections).

  • CVE-2021-27847 | Jul 15, 2021
    risk 0.00 | cvss | epss 0.01

    Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.

  • CVE-2020-20739 | Nov 20, 2020
    risk 0.00 | cvss | epss 0.02

    im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

  • CVE-2019-17534 | Oct 13, 2019
    risk 0.00 | cvss | epss 0.02

    vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free.

  • CVE-2019-6976 | Jan 26, 2019
    risk 0.00 | cvss | epss 0.02

    libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image.

  • CVE-2018-7998 | Hig | Mar 9, 2018
    risk 0.00 | cvss 7.5 | epss 0.02

    In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs…