CVE-2026-3281

Vulnerability

CVE-2026-3281

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/issues/4878
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/issues/4878#issue-3944209102
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/pull/4895
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?ctiid.348010
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?id.348010
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?submit.758861
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2026-3281

severitym

medium

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2026-02-27 00:00:00

Detection

No detection criteria available for this vulnerability.

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub