Description
A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.
Published: 2026-02-25
Score: 4.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Patch Now
AI Analysis

Impact

The flaw resides in libvips' matrixload.c, where the function vips_foreign_load_matrix_header fails to validate a pointer before dereferencing it. When a malicious or malformed matrix header is processed, the library will crash with a null‑pointer dereference, terminating the process. The weakness corresponds to CWE‑476 and CWE‑404, and the result is a denial‑of‑service condition that disrupts any application using the library.

Affected Systems

The security issue affects the libvips image processing library versions up to and including 8.18.0, regardless of language interface. Any application or service that links against an affected libvips binary and processes matrix files from untrusted sources is susceptible. Newer releases above 8.18.0 contain the patch that fixes the dereference bug.

Risk and Exploitability

The CVSS base score of 4.8 indicates a moderate impact, while an EPSS score of less than 1% reflects a low probability of exploitation. The vulnerability requires local access to a process that loads a matrix file, so it is not remotely exploitable. It does not grant privilege escalation or data exfiltration; the primary risk is that a local attacker could cause service interruption by supplying crafted matrix data. The issue is not listed in CISA's KEV catalog.

Generated by OpenCVE AI on April 17, 2026 at 15:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest libvips release (≥ v8.18.1) that includes the commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece.
  • If an upgrade is not immediately feasible, sanitize or validate all matrix file inputs before they are handed to libvips.
  • Restrict the execution context of any processes that use libvips to a least‑privilege sandbox, limiting local attacker impact.

Generated by OpenCVE AI on April 17, 2026 at 15:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 25 Feb 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Feb 2026 03:15:00 +0000

Type Values Removed Values Added
Description A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.
Title libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference
First Time appeared Libvips
Libvips libvips
Weaknesses CWE-404
CWE-476
CPEs cpe:2.3:a:libvips:libvips:*:*:*:*:*:*:*:*
Vendors & Products Libvips
Libvips libvips
References
Metrics cvssV2_0

{'score': 1.7, 'vector': 'AV:L/AC:L/Au:S/C:N/I:N/A:P/E:ND/RL:OF/RC:C'}

cvssV3_0

{'score': 3.3, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV3_1

{'score': 3.3, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C'}

cvssV4_0

{'score': 4.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X'}

Subscriptions

Libvips Libvips
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-25T15:52:33.882Z

Reserved: 2026-02-24T19:53:47.620Z

Link: CVE-2026-3146

cve-icon Vulnrichment

Updated: 2026-02-25T15:52:19.904Z

cve-icon NVD

Status : Analyzed

Published: 2026-02-25T03:16:07.460

Modified: 2026-02-25T20:56:00.587

Link: CVE-2026-3146

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-17T15:30:06Z

Weaknesses