{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3145", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-24T19:53:43.308Z", "datePublished": "2026-02-25T02:02:10.604Z", "dateUpdated": "2026-02-25T20:28:56.023Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T02:02:10.604Z"}, "title": "libvips matrixload.c vips_foreign_load_matrix_header memory corruption", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "libvips", "versions": [{"version": "8.0", "status": "affected"}, {"version": "8.1", "status": "affected"}, {"version": "8.2", "status": "affected"}, {"version": "8.3", "status": "affected"}, {"version": "8.4", "status": "affected"}, {"version": "8.5", "status": "affected"}, {"version": "8.6", "status": "affected"}, {"version": "8.7", "status": "affected"}, {"version": "8.8", "status": "affected"}, {"version": "8.9", "status": "affected"}, {"version": "8.10", "status": "affected"}, {"version": "8.11", "status": "affected"}, {"version": "8.12", "status": "affected"}, {"version": "8.13", "status": "affected"}, {"version": "8.14", "status": "affected"}, {"version": "8.15", "status": "affected"}, {"version": "8.16", "status": "affected"}, {"version": "8.17", "status": "affected"}, {"version": "8.18.0", "status": "affected"}], "cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-24T20:59:02.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Niebelungen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347651", "name": "VDB-347651 | libvips matrixload.c vips_foreign_load_matrix_header memory corruption", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347651", "name": "VDB-347651 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758690", "name": "Submit #758690 | libvips 8.19.0(7fab325d2) Signed to Unsigned Conversion Error", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4876", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4888", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T20:19:30.668465Z", "id": "CVE-2026-3145", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T20:28:56.023Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*", "matchCriteriaId": "33F39CED-5892-4FC2-836C-F03CF6299CB8", "versionEndIncluding": "8.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_file_is_a/vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. Executing a manipulation can lead to memory corruption. The attack needs to be launched locally. This patch is called d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. A patch should be applied to remediate this issue."}], "id": "CVE-2026-3145", "lastModified": "2026-02-25T20:56:39.700", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-25T03:16:07.193", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/libvips/libvips/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4876"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libvips/libvips/pull/4888"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347651"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347651"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758690"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.18.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libvips", "source": "cna", "vendor": "n/a"}, "product": "libvips", "vendor": "libvips"}], "analysis": {"en": {"generated_at": "2026-04-17T15:33:02.771723+00:00", "value": {"mitigation_remediation": ["Upgrade to libvips version 8.19.0 or later, which includes the patch commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece.", "If an immediate upgrade is not feasible, rebuild libvips from source after applying the patch commit to replace the vulnerable matrixload.c implementation.", "Disable or remove foreign matrix file support in libvips if the functionality is not required, or restrict its use to trusted users only.", "Monitor system logs for segmentation faults or abnormal crashes that could indicate memory corruption caused by malformed matrix files."], "summary": {"action": "Apply Patch", "impact": "Memory corruption"}, "threat_synthesis": {"affected_systems": "Affected systems include any installation of the libvips library up to and including version 8.18.0 that uses the foreign matrix load functionality. The fix is applied in commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece and is present in releases thereafter. Users of older versions should compare installed versions against the first patch tarball that includes this commit.", "description_and_impact": "The vulnerability resides in libvips, version 8.18.0 or earlier, in the matrixload.c component that processes matrix file headers. An attacker who can execute code locally on a system that uses libvips can manipulate matrix file contents to trigger a memory corruption condition via the function vips_foreign_load_matrix_header. The resulting corruption could overwrite critical data structures and potentially lead to crashes or arbitrary code execution, compromising the integrity of the affected process.", "risk_and_exploitability": "The CVSS score of 4.8 places the weakness in the moderate range, and the EPSS value of less than 1 percent indicates a very low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, and the attack vector is strictly local, meaning threat actors need local access to the machine running libvips. Consequently, the overall risk is moderate but constrained to environments where untrusted matrix files could be processed by privileged local users."}}}}, "created": "2026-02-25T11:35:09.029314+00:00", "updated": "2026-04-17T15:45:15.886007+00:00", "vendors": ["libvips", "libvips$PRODUCT$libvips"]}