Vulnerabilities ›

CVE-2026-3282

Low

CWE-119 — Weakness Type

                    Published: Feb 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

3.3

🔗 NVD Official

📄 Description (English)

A flaw has been found in libvips 8.19.0. This vulnerability affects the function vips_unpremultiply_build of the file libvips/conversion/unpremultiply.c. Executing a manipulation of the argument alpha_band can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been published and may be used. This patch is called 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91. A patch should be applied to remediate this issue.

🤖 AI Executive Summary

CVE-2026-3282 is a low-severity out-of-bounds read vulnerability in libvips 8.19.0's unpremultiply function that can be exploited locally through manipulation of the alpha_band argument. The vulnerability requires local access and has a published exploit, necessitating prompt patching.

📄 Description (Arabic)

ثغرة في مكتبة معالجة الصور libvips الإصدار 8.19.0 تسمح بقراءة البيانات خارج حدود الذاكرة المخصصة عند التلاعب بمعامل alpha_band في دالة vips_unpremultiply_build. الهجوم يتطلب وصول محلي والاستغلال متاح بالفعل.

🤖 ملخص تنفيذي (AI)

This vulnerability in libvips 8.19.0 allows local attackers to trigger out-of-bounds memory reads by manipulating the alpha_band parameter in the unpremultiply function. Although low severity, the published exploit and local attack vector warrant timely remediation for affected systems.

🤖 AI Intelligence Analysis Analyzed: May 30, 2026 08:02

🇸🇦 Saudi Arabia Impact Assessment

Saudi Relevance: medium

🏢 Affected Saudi Sectors

government healthcare

🎯 MITRE ATT&CK Techniques

T1190 T1059

⚖️ Saudi Risk Score (AI)

3.0

/ 10.0

🔧 Remediation Steps (English)

Update libvips to a patched version beyond 8.19.0 or apply patch 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91. Restrict local access to systems running vulnerable versions and monitor for exploitation attempts.

🔧 خطوات المعالجة (العربية)

قم بتحديث libvips إلى إصدار مصحح أحدث من 8.19.0 أو طبق التصحيح 7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91. قيد الوصول المحلي للأنظمة التي تعمل بالإصدارات الضعيفة ومراقبة محاولات الاستغلال.

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.12.6.1 A.14.2.1

🔵 SAMA CSF

ID.RA-1 PR.IP-12

🟡 ISO 27001:2022

12.6.1 14.2.1

🔗 References & Sources 8

🔗

https://github.com/libvips/libvips/

cna@vuldb.com

🔗

https://github.com/libvips/libvips/commit/7215ead1e0cd7d3703cc4f5fca06d7d0f4c22b91

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4881

cna@vuldb.com

🔗

https://github.com/libvips/libvips/issues/4881#issue-3944216443

cna@vuldb.com

🔗

https://github.com/libvips/libvips/pull/4886

cna@vuldb.com

🔗

https://vuldb.com/?ctiid.348011

cna@vuldb.com

🔗

https://vuldb.com/?id.348011

cna@vuldb.com

🔗

https://vuldb.com/?submit.758862

cna@vuldb.com

📊 CVSS Score

3.3

/ 10.0 — Low

📊 CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Attack VectorL — Low / Local

Attack ComplexityL — Low / Local

Privileges RequiredL — Low / Local

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityL — Low / Local

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity Low

CVSS Score3.3

CWECWE-119

EPSS0.02%

Exploit No

Patch ✗ No

Published 2026-02-27

Source Feed nvd

🇸🇦 Saudi Risk Score

3.0

/ 10.0 — Saudi Risk

Priority: LOW

🏷️ Tags

CWE-119

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-3282

💬 Comments

Introduce Yourself

Sign In Required