Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-2913
PUBLISHED
More InfoOfficial Page
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
View Known Exploited Vulnerability (KEV) details
Published At-22 Feb, 2026 | 04:02
Updated At-23 Feb, 2026 | 19:14
Rejected At-
▼CVE Numbering Authority (CNA)
libvips source.c vips_source_read_to_memory heap-based overflow

A vulnerability was determined in libvips up to 8.19.0. The affected element is the function vips_source_read_to_memory of the file libvips/iofuncs/source.c. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on the local host. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been publicly disclosed and may be utilized. Patch name: a56feecbe9ed66521d9647ec9fbcd2546eccd7ee. Applying a patch is the recommended action to fix this issue. The confirmation of the bugfix mentions: "[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself)."

Affected Products
Vendor
n/a
Product
libvips
CPEs
  • cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*
Versions
Affected
  • 8.0
  • 8.1
  • 8.2
  • 8.3
  • 8.4
  • 8.5
  • 8.6
  • 8.7
  • 8.8
  • 8.9
  • 8.10
  • 8.11
  • 8.12
  • 8.13
  • 8.14
  • 8.15
  • 8.16
  • 8.17
  • 8.18
  • 8.19.0
Problem Types
TypeCWE IDDescription
CWECWE-122Heap-based Buffer Overflow
CWECWE-119Memory Corruption
Type: CWE
CWE ID: CWE-122
Description: Heap-based Buffer Overflow
Type: CWE
CWE ID: CWE-119
Description: Memory Corruption
Metrics
VersionBase scoreBase severityVector
4.02.0LOW
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
3.12.5LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
3.02.5LOW
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
2.01.0N/A
AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
Version: 4.0
Base score: 2.0
Base severity: LOW
Vector:
CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P
Version: 3.1
Base score: 2.5
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Version: 3.0
Base score: 2.5
Base severity: LOW
Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C
Version: 2.0
Base score: 1.0
Base severity: N/A
Vector:
AV:L/AC:H/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Niebelungen (VulDB User)
Timeline
EventDate
Advisory disclosed2026-02-20 00:00:00
VulDB entry created2026-02-20 01:00:00
VulDB entry last update2026-02-20 21:26:01
Event: Advisory disclosed
Date: 2026-02-20 00:00:00
Event: VulDB entry created
Date: 2026-02-20 01:00:00
Event: VulDB entry last update
Date: 2026-02-20 21:26:01
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.347222
vdb-entry
technical-description
https://vuldb.com/?ctiid.347222
signature
permissions-required
https://vuldb.com/?submit.755224
third-party-advisory
https://github.com/libvips/libvips/issues/4857
issue-tracking
https://github.com/libvips/libvips/issues/4857#issuecomment-3878479322
issue-tracking
https://github.com/libvips/libvips/issues/4857#issue-3920154326
exploit
issue-tracking
https://github.com/libvips/libvips/commit/a56feecbe9ed66521d9647ec9fbcd2546eccd7ee
patch
https://github.com/libvips/libvips/
product
Hyperlink: https://vuldb.com/?id.347222
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.347222
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.755224
Resource:
third-party-advisory
Hyperlink: https://github.com/libvips/libvips/issues/4857
Resource:
issue-tracking
Hyperlink: https://github.com/libvips/libvips/issues/4857#issuecomment-3878479322
Resource:
issue-tracking
Hyperlink: https://github.com/libvips/libvips/issues/4857#issue-3920154326
Resource:
exploit
issue-tracking
Hyperlink: https://github.com/libvips/libvips/commit/a56feecbe9ed66521d9647ec9fbcd2546eccd7ee
Resource:
patch
Hyperlink: https://github.com/libvips/libvips/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Details not found