CVE-2026-3283

Vulnerability

CVE-2026-3283

A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. To fix this issue, it is recommended to deploy a patch.

References

launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/issues/4880
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/issues/4880#issue-3944214985
launchpad.net/ubuntu-cve-tracker: https://github.com/libvips/libvips/pull/4887
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?ctiid.348012
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?id.348012
launchpad.net/ubuntu-cve-tracker: https://vuldb.com/?submit.758863
launchpad.net/ubuntu-cve-tracker: https://www.cve.org/CVERecord?id=CVE-2026-3283

severitym

medium

type: vendor

source: launchpad.net/ubuntu-cve-tracker

published: 2026-02-27 00:00:00

Detection

No detection criteria available for this vulnerability.

Data Sources

Ubuntu CVE Tracker
ubuntu-cve-tracker
- raw: ghcr.io/vulsio/vuls-data-db:vuls-data-raw-ubuntu-cve-tracker
- extracted: ghcr.io/vulsio/vuls-data-db:vuls-data-extracted-ubuntu-cve-tracker

FutureVuls|GitHub