Vulnerabilities ›

CVE-2026-3281

Medium

CWE-119 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

5.3

🔗 NVD Official

📄 Description (English)

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.

🤖 AI Executive Summary

CVE-2026-3281 is a heap-based buffer overflow vulnerability in libvips 8.19.0 affecting the vips_bandrank_build function, exploitable through local manipulation of the index argument. The vulnerability has public exploits available and requires patching to mitigate risk.

📄 Description (Arabic)

ثغرة تجاوز المخزن المؤقت المستندة إلى الكومة في libvips 8.19.0 تؤثر على دالة معالجة الصور vips_bandrank_build. يمكن استغلال الثغرة محليًا من خلال التلاعب بمعامل الفهرس، مما قد يؤدي إلى تنفيذ كود عشوائي أو رفض الخدمة. تم الإفصاح عن الاستغلال علنًا ويتطلب تطبيق الإصلاح الفوري.

🤖 ملخص تنفيذي (AI)

A heap-based buffer overflow flaw exists in libvips 8.19.0 within the vips_bandrank_build function that can be triggered locally through index argument manipulation. Public exploits are available and organizations should apply the recommended patch immediately.

🤖 AI Intelligence Analysis Analyzed: May 29, 2026 12:11

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

banking telecom government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1068

⚖️ Saudi Risk Score (AI)

5.0

/ 10.0

🔧 Remediation Steps (English)

Update libvips to a patched version beyond 8.19.0 or apply patch fd28c5463697712cb0ab116a2c55e4f4d92c4088. Restrict local access to systems running vulnerable libvips versions. Monitor for exploitation attempts targeting image processing applications.

🔧 خطوات المعالجة (العربية)

قم بتحديث libvips إلى إصدار مصحح أحدث من 8.19.0 أو طبق الإصلاح fd28c5463697712cb0ab116a2c55e4f4d92c4088. قيد الوصول المحلي للأنظمة التي تقوم بتشغيل إصدارات libvips المعرضة للخطر. راقب محاولات الاستغلال التي تستهدف تطبيقات معالجة الصور.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.11.2.4 A.12.6.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 8

🔗

https://github.com/libvips/libvips/

cna@vuldb.com

🔗

https://github.com/libvips/libvips/commit/fd28c5463697712cb0ab116a2c55e4f4d92c4088

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4878

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4878#issue-3944209102

cna@vuldb.com

🔗

https://github.com/libvips/libvips/pull/4895

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.348010

cna@vuldb.com

🔗

https://vuldb.com/?id.348010

cna@vuldb.com

🔗

https://vuldb.com/?submit.758861

cna@vuldb.com

📊 CVSS Score

5.3

/ 10.0 — Medium

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityL — Low / Local

AvailabilityL — Low / Local

📋 Quick Facts

Severity Medium

CVSS Score5.3

CWECWE-119

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

5.0

/ 10.0 — Saudi Risk

Priority: MEDIUM

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

CVE-2026-3281

Introduce Yourself

Sign In Required