Vulnerabilities ›

CVE-2026-3284

Low

CWE-189 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in integer overflow. The attack requires a local approach. The exploit has been made public and could be used. The patch is identified as 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. It is advisable to implement a patch to correct this issue.

🤖 AI Executive Summary

CVE-2026-3284 is an integer overflow vulnerability in libvips 8.19.0's vips_extract_area_build function that requires local access to exploit. The vulnerability affects image processing operations and has a public exploit available.

📄 Description (Arabic)

يوجد ثغرة تجاوز عدد صحيح في مكتبة libvips الإصدار 8.19.0 في دالة vips_extract_area_build عند التعامل مع معامل extract_area. تتطلب الثغرة وصولاً محلياً للنظام وتم الإفصاح عن استغلال عام لها.

🤖 ملخص تنفيذي (AI)

A vulnerability in libvips 8.19.0 allows integer overflow through the extract_area argument in local attack scenarios. This affects image processing functionality with publicly disclosed exploit code.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:02

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1068

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Update libvips to version 8.19.1 or later that includes patch 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. Restrict local system access to trusted users only. Monitor systems for suspicious image processing activities.

🔧 خطوات المعالجة (العربية)

قم بتحديث libvips إلى الإصدار 8.19.1 أو أحدث الذي يتضمن التصحيح المحدد. قيد الوصول المحلي للنظام للمستخدمين الموثوقين فقط. راقب الأنظمة للكشف عن أنشطة معالجة الصور المريبة.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.14.2.1 A.12.6.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

A.12.6.1 A.14.2.1

🔗 References & Sources 8

🔗

https://github.com/libvips/libvips/

cna@vuldb.com

🔗

https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4879

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4879#issue-3944211794

cna@vuldb.com

🔗

https://github.com/libvips/libvips/pull/4887

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.348013

cna@vuldb.com

🔗

https://vuldb.com/?id.348013

cna@vuldb.com

🔗

https://vuldb.com/?submit.758864

cna@vuldb.com

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityN — None / Network

IntegrityN — None / Network

AvailabilityL — Low / Local

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-189

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-189

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-3284

💬 Comments

Introduce Yourself

Sign In Required