{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3146", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-24T19:53:47.620Z", "datePublished": "2026-02-25T03:02:09.172Z", "dateUpdated": "2026-02-25T15:52:33.882Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T03:02:09.172Z"}, "title": "libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "libvips", "versions": [{"version": "8.0", "status": "affected"}, {"version": "8.1", "status": "affected"}, {"version": "8.2", "status": "affected"}, {"version": "8.3", "status": "affected"}, {"version": "8.4", "status": "affected"}, {"version": "8.5", "status": "affected"}, {"version": "8.6", "status": "affected"}, {"version": "8.7", "status": "affected"}, {"version": "8.8", "status": "affected"}, {"version": "8.9", "status": "affected"}, {"version": "8.10", "status": "affected"}, {"version": "8.11", "status": "affected"}, {"version": "8.12", "status": "affected"}, {"version": "8.13", "status": "affected"}, {"version": "8.14", "status": "affected"}, {"version": "8.15", "status": "affected"}, {"version": "8.16", "status": "affected"}, {"version": "8.17", "status": "affected"}, {"version": "8.18.0", "status": "affected"}], "cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-24T20:59:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Niebelungen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347652", "name": "VDB-347652 | libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347652", "name": "VDB-347652 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758691", "name": "Submit #758691 | libvips 8.19.0(7fab325d2) NULL Pointer Dereference (CWE-476)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4875", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4888", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"references": [{"url": "https://github.com/libvips/libvips/issues/4875", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T15:52:26.359677Z", "id": "CVE-2026-3146", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:52:33.882Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3146", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-24T19:53:47.620Z", "datePublished": "2026-02-25T03:02:09.172Z", "dateUpdated": "2026-02-25T15:52:33.882Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T03:02:09.172Z"}, "title": "libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "libvips", "versions": [{"version": "8.0", "status": "affected"}, {"version": "8.1", "status": "affected"}, {"version": "8.2", "status": "affected"}, {"version": "8.3", "status": "affected"}, {"version": "8.4", "status": "affected"}, {"version": "8.5", "status": "affected"}, {"version": "8.6", "status": "affected"}, {"version": "8.7", "status": "affected"}, {"version": "8.8", "status": "affected"}, {"version": "8.9", "status": "affected"}, {"version": "8.10", "status": "affected"}, {"version": "8.11", "status": "affected"}, {"version": "8.12", "status": "affected"}, {"version": "8.13", "status": "affected"}, {"version": "8.14", "status": "affected"}, {"version": "8.15", "status": "affected"}, {"version": "8.16", "status": "affected"}, {"version": "8.17", "status": "affected"}, {"version": "8.18.0", "status": "affected"}], "cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-24T20:59:04.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Niebelungen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347652", "name": "VDB-347652 | libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347652", "name": "VDB-347652 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758691", "name": "Submit #758691 | libvips 8.19.0(7fab325d2) NULL Pointer Dereference (CWE-476)", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4875", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4888", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3146", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-25T15:52:26.359677Z"}}}], "references": [{"url": "https://github.com/libvips/libvips/issues/4875", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:52:19.904Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*", "matchCriteriaId": "33F39CED-5892-4FC2-836C-F03CF6299CB8", "versionEndIncluding": "8.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch."}], "id": "CVE-2026-3146", "lastModified": "2026-02-25T20:56:00.587", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-25T03:16:07.460", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/libvips/libvips/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4875"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libvips/libvips/pull/4888"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347652"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347652"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758691"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4875"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.18.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libvips", "source": "cna", "vendor": "n/a"}, "product": "libvips", "vendor": "libvips"}], "analysis": {"en": {"generated_at": "2026-04-17T15:28:56.844875+00:00", "value": {"mitigation_remediation": ["Upgrade to the latest libvips release (\u2265 v8.18.1) that includes the commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece.", "If an upgrade is not immediately feasible, sanitize or validate all matrix file inputs before they are handed to libvips.", "Restrict the execution context of any processes that use libvips to a least\u2011privilege sandbox, limiting local attacker impact."], "summary": {"action": "Patch Now", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "The security issue affects the libvips image processing library versions up to and including 8.18.0, regardless of language interface. Any application or service that links against an affected libvips binary and processes matrix files from untrusted sources is susceptible. Newer releases above 8.18.0 contain the patch that fixes the dereference bug.", "description_and_impact": "The flaw resides in libvips' matrixload.c, where the function vips_foreign_load_matrix_header fails to validate a pointer before dereferencing it. When a malicious or malformed matrix header is processed, the library will crash with a null\u2011pointer dereference, terminating the process. The weakness corresponds to CWE\u2011476 and CWE\u2011404, and the result is a denial\u2011of\u2011service condition that disrupts any application using the library.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates a moderate impact, while an EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability requires local access to a process that loads a matrix file, so it is not remotely exploitable. It does not grant privilege escalation or data exfiltration; the primary risk is that a local attacker could cause service interruption by supplying crafted matrix data. The issue is not listed in CISA's KEV catalog."}}}}, "created": "2026-02-25T11:34:52.578105+00:00", "updated": "2026-04-17T15:30:06.039293+00:00", "vendors": ["libvips", "libvips$PRODUCT$libvips"]}