{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-3281", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-02-26T16:32:51.873Z", "datePublished": "2026-02-27T02:02:10.922Z", "dateUpdated": "2026-02-27T18:56:21.995Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T02:02:10.922Z"}, "title": "libvips bandrank.c vips_bandrank_build heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "n/a", "product": "libvips", "versions": [{"version": "8.19.0", "status": "affected"}], "cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-02-26T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-02-26T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-26T17:38:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Niebelungen (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.348010", "name": "VDB-348010 | libvips bandrank.c vips_bandrank_build heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348010", "name": "VDB-348010 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758861", "name": "Submit #758861 | libvips 8.19.0(7fab325d2) Improper Validation of Array Index", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4878", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4895", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/issues/4878#issue-3944209102", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-27T18:56:04.559891Z", "id": "CVE-2026-3281", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:56:21.995Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-3281", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-27T18:56:04.559891Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-27T18:56:13.805Z"}}], "cna": {"tags": ["x_open-source"], "title": "libvips bandrank.c vips_bandrank_build heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Niebelungen (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "affected": [{"cpes": ["cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*"], "vendor": "n/a", "product": "libvips", "versions": [{"status": "affected", "version": "8.19.0"}]}], "timeline": [{"lang": "en", "time": "2026-02-26T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-02-26T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-02-26T17:38:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.348010", "name": "VDB-348010 | libvips bandrank.c vips_bandrank_build heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.348010", "name": "VDB-348010 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.758861", "name": "Submit #758861 | libvips 8.19.0(7fab325d2) Improper Validation of Array Index", "tags": ["third-party-advisory"]}, {"url": "https://github.com/libvips/libvips/issues/4878", "tags": ["issue-tracking"]}, {"url": "https://github.com/libvips/libvips/pull/4895", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/libvips/libvips/issues/4878#issue-3944209102", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088", "tags": ["patch"]}, {"url": "https://github.com/libvips/libvips/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-27T02:02:10.922Z"}}}, "cveMetadata": {"cveId": "CVE-2026-3281", "state": "PUBLISHED", "dateUpdated": "2026-02-27T18:56:21.995Z", "dateReserved": "2026-02-26T16:32:51.873Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-02-27T02:02:10.922Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libvips:libvips:8.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "180A1691-C529-44F7-B4C3-92A1A9618594", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue."}, {"lang": "es", "value": "Una vulnerabilidad fue detectada en libvips 8.19.0. Esto afecta la funci\u00f3n vips_bandrank_build del archivo libvips/conversion/bandrank.c. Realizar una manipulaci\u00f3n del argumento index resulta en desbordamiento de b\u00fafer basado en mont\u00edculo. El ataque debe ser iniciado desde una posici\u00f3n local. El exploit ahora es p\u00fablico y puede ser usado. El parche se llama fd28c5463697712cb0ab116a2c55e4f4d92c4088. Se sugiere instalar un parche para abordar este problema."}], "id": "CVE-2026-3281", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 1.9, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-27T02:16:20.963", "references": [{"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://github.com/libvips/libvips/"}, {"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4878"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://github.com/libvips/libvips/issues/4878#issue-3944209102"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/libvips/libvips/pull/4895"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.348010"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.348010"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.758861"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "8.19.0"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "libvips", "source": "cna", "vendor": "n/a"}, "product": "libvips", "vendor": "libvips"}], "analysis": {"en": {"generated_at": "2026-04-16T15:36:09.865154+00:00", "value": {"mitigation_remediation": ["Apply the commit fd28c5463697712cb0ab116a2c55e4f4d92c4088 to the libvips source or use a packaged version that includes this patch", "Upgrade to a newer libvips release that incorporates the patch", "If immediate upgrade is not possible, isolate the vulnerable binaries and restrict local user access to prevent execution of untrusted code"], "summary": {"action": "Apply Patch", "impact": "Heap\u2011based buffer overflow in libvips 8.19.0"}, "threat_synthesis": {"affected_systems": "The issue affects installations of libvips version 8.19.0. Systems that have this version without the patch are vulnerable; newer releases are assumed to contain the fix.", "description_and_impact": "A local attacker can manipulate the index argument to the vips_bandrank_build function in libvips, causing a heap\u2011based buffer overflow. The vulnerability may corrupt heap memory, leading to crashes, denial of service, or potentially arbitrary code execution if the memory layout permits influence over control data. The flaw is limited to local exploitation but the exploit code is publicly available.", "risk_and_exploitability": "The CVSS score of 4.8 indicates moderate severity, and the EPSS score of less than 1\u202f% suggests that attacks are currently unlikely but not impossible. The vulnerability is not listed in CISA\u2019s KEV catalog. Exploitation requires local access, but the presence of a public exploit and the buffer overrun make it a potentially high\u2011impact risk if an attacker can gain local privileges or run untrusted code on the system."}}}}, "created": "2026-02-27T09:12:26.318562+00:00", "updated": "2026-04-16T15:45:16.073605+00:00", "vendors": ["libvips", "libvips$PRODUCT$libvips"]}