CVE-2026-3284 – libvips extract.c vips_extract_area_build integer overflow

CVE ID : CVE-2026-3284

Published : Feb. 27, 2026, 3:16 a.m. | 1 hour, 55 minutes ago

Description : A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-21654 – Johnson Controls -Frick Quantum HD- Unauthenticated Remote Code Execution

CVE-2026-2362 – WP Accessibility

CVE-2026-2383 – Simple Download Monitor

CVE-2026-2252 – XML External Entity (XXE) vulnerability resulting in Server-Side Request Forgery (SSRF)