Vulnerability Description
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Libvips | Libvips | <= 8.18.0 |
Related Weaknesses (CWE)
References
- https://github.com/libvips/libvips/Product
- https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ePatch
- https://github.com/libvips/libvips/issues/4875ExploitIssue TrackingVendor Advisory
- https://github.com/libvips/libvips/pull/4888Issue TrackingPatch
- https://vuldb.com/?ctiid.347652Permissions RequiredVDB Entry
- https://vuldb.com/?id.347652Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.758691Third Party AdvisoryVDB Entry
- https://github.com/libvips/libvips/issues/4875ExploitIssue TrackingVendor Advisory
FAQ
What is CVE-2026-3146?
CVE-2026-3146 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null po...
How severe is CVE-2026-3146?
CVE-2026-3146 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3146?
Check the references section above for vendor advisories and patch information. Affected products include: Libvips Libvips.