Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2026-3284

Опубликовано: 27 фев. 2026
Источник: debian
EPSS Низкий

Описание

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
vipsfixed8.18.0-3package

Примечания

  • https://github.com/libvips/libvips/issues/4879

  • https://github.com/libvips/libvips/pull/4887

  • Fixed by: https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

EPSS

Процентиль: 5%
0.0002
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2026-3284

CVSS3: 3.3
ubuntu
около 1 месяца назад

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

nvd логотип

CVE-2026-3284

CVSS3: 3.3
nvd
около 1 месяца назад

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

github логотип

GHSA-hjmm-353v-47h8

CVSS3: 3.3
github
около 1 месяца назад

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

EPSS

Процентиль: 5%
0.0002
Низкий