Vulnerability Description
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libvips | Libvips | <= 8.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/libvips/libvips/Product
- https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ePatch
- https://github.com/libvips/libvips/issues/4876ExploitIssue TrackingVendor Advisory
- https://github.com/libvips/libvips/pull/4888Issue TrackingPatch
- https://vuldb.com/?ctiid.347651Permissions RequiredVDB Entry
- https://vuldb.com/?id.347651Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.758690Third Party AdvisoryVDB Entry
FAQ
What is CVE-2026-3145?
CVE-2026-3145 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executi...
How severe is CVE-2026-3145?
CVE-2026-3145 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3145?
Check the references section above for vendor advisories and patch information. Affected products include: Libvips Libvips.