{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3147", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-24T19:53:50.410Z", "datePublished": "2026-02-25T03:32:09.025Z", "dateUpdated": "2026-02-25T15:32:34.675Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-25T03:32:09.025Z"}, "title": "libvips csvload.c vips_foreign_load_csv_build heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "libvips", "versions": [{"version": "8.0", "status": "affected"}, {"version": "8.1", "status": "affected"}, {"version": "8.2", "status": "affected"}, {"version": "8.3", "status": "affected"}, {"version": "8.4", "status": "affected"}, {"version": "8.5", "status": "affected"}, {"version": "8.6", "status": "affected"}, {"version": "8.7", "status": "affected"}, {"version": "8.8", "status": "affected"}, {"version": "8.9", "status": "affected"}, {"version": "8.10", "status": "affected"}, {"version": "8.11", "status": "affected"}, {"version": "8.12", "status": "affected"}, {"version": "8.13", "status": "affected"}, {"version": "8.14", "status": "affected"}, {"version": "8.15", "status": "affected"}, {"version": "8.16", "status": "affected"}, {"version": "8.17", "status": "affected"}, {"version": "8.18.0", "status": "affected"}], "cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-24T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-24T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-24T20:59:05.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Niebelungen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.347653", "name": "VDB-347653 | libvips csvload.c vips_foreign_load_csv_build heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.347653", "name": "VDB-347653 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758692", "name": "Submit #758692 | libvips 8.19.0(7fab325d2) Improper Validation of Array Index", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4874", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4894", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/issues/4874#issue-3943617697", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-25T15:32:25.001378Z", "id": "CVE-2026-3147", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-25T15:32:34.675Z"}}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*", "matchCriteriaId": "33F39CED-5892-4FC2-836C-F03CF6299CB8", "versionEndIncluding": "8.18.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in libvips up to 8.18.0. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as b3ab458a25e0e261cbd1788474bbc763f7435780. It is advisable to implement a patch to correct this issue."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en libvips hasta 8.18.0. Esta afecta a la funci\u00f3n vips_foreign_load_csv_build del archivo libvips/foreign/csvload.c que si se manipula se puede provocar un desbordamiento de b\u00fafer basado en mont\u00edculo. El ataque requiere un enfoque local. El exploit ha sido hecho p\u00fablico y podr\u00eda ser usado. El parche se identifica como b3ab458a25e0e261cbd1788474bbc763f7435780. Es aconsejable implementar el parche para corregir este problema."}], "id": "CVE-2026-3147", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-25T04:16:05.670", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/libvips/libvips/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/libvips/libvips/commit/b3ab458a25e0e261cbd1788474bbc763f7435780"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4874"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4874#issue-3943617697"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/libvips/libvips/pull/4894"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.347653"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.347653"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758692"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.0"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.1"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.2"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.3"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.4"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.5"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.6"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.7"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.8"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.9"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.10"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.11"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.12"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.13"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.14"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.15"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.16"}}, {"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "8.17"}}, {"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.18.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libvips", "source": "cna", "vendor": "n/a"}, "product": "libvips", "vendor": "libvips"}], "analysis": {"en": {"generated_at": "2026-04-18T10:47:57.334326+00:00", "value": {"mitigation_remediation": ["Upgrade libvips to version 8.19.0 or later, or apply the patch commit b3ab458a25e0e261cbd1788474bbc763f7435780 to the csvload.c source", "Verify that all binaries and libraries linking against libvips are rebuilt to use the updated or patched version", "If patching cannot occur immediately, restrict local file system access for any applications that parse CSV files with libvips to limit the attack surface"], "summary": {"action": "Apply Patch", "impact": "Heap-based Buffer Overflow"}, "threat_synthesis": {"affected_systems": "All releases of libvips up to and including version 8.18.0 are affected. The issue is tied to the csvload.c component of libvips and is addressed in commit b3ab458a25e0e261cbd1788474bbc763f7435780. Users should review their installed libvips version and ensure it is updated beyond 8.18.0 or contains the patched source.", "description_and_impact": "A heap-based buffer overflow is triggered in the vips_foreign_load_csv_build function when libvips processes a specially crafted CSV file. Because the overflow corrupts adjacent heap memory, the program may crash; based on the description, it is inferred that an attacker with sufficient privileges could potentially achieve arbitrary code execution if the overflow is exploited. The vulnerability is strictly local, requiring the attacker to supply the malformed CSV input to a process that uses libvips.", "risk_and_exploitability": "The CVSS base score of 4.8 indicates moderate risk, while the EPSS score of less than 1% signals that publicly known exploitation is currently rare. The vulnerability is not listed in CISA\u2019s KEV catalog. Because the flaw is local and requires CSV parsing, the likelihood of exploitation is limited, but the availability of public exploit code means a cautious approach is warranted."}}}}, "created": "2026-02-25T11:34:47.220444+00:00", "updated": "2026-04-18T11:00:05.732482+00:00", "vendors": ["libvips", "libvips$PRODUCT$libvips"]}