Vulnerabilities ›

CVE-2026-3283

Low

A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads

CWE-119 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. To fix this issue, it is recommended to deploy a patch.

🤖 AI Executive Summary

CVE-2026-3283 is a low-severity out-of-bounds read vulnerability in libvips 8.19.0 affecting the vips_extract_band_build function, requiring local access to exploit. The vulnerability has been publicly disclosed and a patch is available for remediation.

📄 Description (Arabic)

ثغرة قراءة خارج الحدود في مكتبة معالجة الصور libvips الإصدار 8.19.0 في دالة vips_extract_band_build. تتطلب الثغرة وصول محلي للاستغلال وقد تؤدي إلى تسرب البيانات أو توقف التطبيق.

🤖 ملخص تنفيذي (AI)

CVE-2026-3283 عبارة عن ثغرة قراءة خارج الحدود منخفضة الخطورة في libvips 8.19.0 تؤثر على دالة vips_extract_band_build وتتطلب وصول محلي للاستغلال. تم الكشف عن الثغرة علنا وتوجد رقعة إصلاح متاحة.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:02

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare banking

🎯 MITRE ATT&CK Techniques

T1190 T1059

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Update libvips to a patched version beyond 8.19.0 that includes commit 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. Validate and sanitize the extract_band argument in image processing workflows. Implement input validation to prevent malformed band extraction parameters.

🔧 خطوات المعالجة (العربية)

قم بتحديث libvips إلى إصدار مصحح يتجاوز 8.19.0 يتضمن الالتزام 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. تحقق من صحة معامل extract_band وقم بتنظيفه في سير عمل معالجة الصور. قم بتنفيذ التحقق من صحة الإدخال لمنع معاملات استخراج النطاق المشوهة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1 A.14.2.5

🔗 References & Sources 8

🔗

https://github.com/libvips/libvips/

cna@vuldb.com

🔗

https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4880

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4880#issue-3944214985

cna@vuldb.com

🔗

https://github.com/libvips/libvips/pull/4887

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.348012

cna@vuldb.com

🔗

https://vuldb.com/?id.348012

cna@vuldb.com

🔗

https://vuldb.com/?submit.758863

cna@vuldb.com

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-119

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-3283

💬 Comments

Introduce Yourself

Sign In Required