Bug 2442533 (CVE-2026-3145) - CVE-2026-3145 libvips: libvips: Memory corruption via local manipulation
Summary: CVE-2026-3145 libvips: libvips: Memory corruption via local manipulation
Keywords:
Status: NEW
Alias: CVE-2026-3145
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2442680 2442681
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-25 04:02 UTC by OSIDB Bzimport
Modified: 2026-02-25 17:18 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description OSIDB Bzimport 2026-02-25 04:02:00 UTC
A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue.


Note You need to log in before you can comment on or make changes to this bug.