{"id":"CVE-2026-3146","details":"A vulnerability has been found in libvips up to 8.18.0. The affected element is the function vips_foreign_load_matrix_header in the file libvips/foreign/matrixload.c. The manipulation leads to a NULL pointer dereference, which per the CVSS vector affects availability only. The attack must be performed locally. The patch is identified by commit d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. Applying this patch is recommended to fix the issue.","modified":"2026-04-12T20:28:26.345967Z","published":"2026-02-25T03:16:07.460Z","related":["CGA-45g6-3q9p-wwfh"],"references":[{"type":"WEB","url":"https://github.com/libvips/libvips/"},{"type":"ADVISORY","url":"https://vuldb.com/?id.347652"},{"type":"ADVISORY","url":"https://vuldb.com/?submit.758691"},{"type":"REPORT","url":"https://github.com/libvips/libvips/issues/4875"},{"type":"REPORT","url":"https://vuldb.com/?ctiid.347652"},{"type":"FIX","url":"https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"},{"type":"FIX","url":"https://github.com/libvips/libvips/pull/4888"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libvips/libvips","events":[{"introduced":"0"},{"last_affected":"36fe7461e07f71107a9108e5778eec81ce00fe73"},{"fixed":"d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"8.18.0"}]}}],"versions":["v7.28.0","v8.0-beta","v8.1","v8.10.0","v8.10.0-beta1","v8.10.0-beta2","v8.10.0-rc1","v8.10.0-rc2","v8.10.6-beta2","v8.11","v8.11.0","v8.11.0-rc1","v8.12.0","v8.12.0-rc1","v8.13.0","v8.13.0-pre1","v8.13.0-rc1","v8.13.0-rc2","v8.14.0","v8.14.0-rc1","v8.15.0","v8.15.0-rc2","v8.16.0","v8.16.0-rc1","v8.16.0-rc2","v8.17.0","v8.17.0-rc1","v8.17.0-test1","v8.17.0-test2","v8.17.0-test3","v8.17.0-test4","v8.18.0","v8.18.0-alpha1","v8.18.0-alpha2","v8.18.0-rc1","v8.18.0-rc2","v8.18.0-rc3","v8.2.2","v8.3.0","v8.5.1","v8.5.2","v8.5.3","v8.6.0","v8.6.0-alpha1","v8.6.0-alpha2","v8.6.0-beta1","v8.6.0-beta2","v8.7.0","v8.7.0-alpha2","v8.7.0-rc1","v8.7.0-
rc2","v8.7.0-rc3","v8.8.0","v8.8.0-rc1","v8.8.0-rc2","v8.8.0-rc3","v8.9.0","v8.9.0-alpha1","v8.9.0-beta1","v8.9.0-beta2","v8.9.0-rc1","v8.9.0-rc2","v8.9.0-rc3","v8.9.0-rc4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-3146.json","vanir_signatures":[{"id":"CVE-2026-3146-1e4c3cfe","target":{"file":"libvips/foreign/matrixload.c"},"signature_version":"v1","digest":{"line_hashes":["214137444763094919027595405206991934682","114125915424102214094943941015255073055","240227623464099024081197313043448215093","90075972502540572096863703136720591100","56619882688938754791021034650033918168","10903083153015923233814538361063596546","335913967601425406070766086758492307120","317078161876553776787656224675560684357","108688021650018986246375798821244774845","339488972693747747186842951161774281954","4471853130159302643669692878468166204","40954129459416673119987586640381411554","204474679123632465651305439243518257018","135121928896590355896168127708105478417","199362686267934192609032806378139263803","118978140758447448984422943984007965713","3859712564267575573475615035681001403","107127726650899297619048645180787554973","236752353468258317478061440098662235342","61439449913472198375666097582782687736","71308422648280875497590292553751626247","212012641635761051619653513246956545905","258763950903283639199892549237237735633","153816381251264239906348917164900966304","137707530634529074046672766073432150548","210945127218468499181505320029252210587","28789498119242513566930440120213995209","334070731203497138606498282894307450084","98943214030291583785470334570296265128"],"threshold":0.9},"deprecated":false,"signature_type":"Line","source":"https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"},{"id":"CVE-2026-3146-764af691","target":{"function":"parse_matrix_header","file":"libvips/foreign/matrixload.c"},"signature_version":"v1","digest":{"length":1194,"function_hash":"26757553405007799441420
9450854243099589"},"deprecated":false,"signature_type":"Function","source":"https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"},{"id":"CVE-2026-3146-9a36fa20","target":{"function":"vips_foreign_load_matrix_header","file":"libvips/foreign/matrixload.c"},"signature_version":"v1","digest":{"length":820,"function_hash":"274096035013621786525006410848199836078"},"deprecated":false,"signature_type":"Function","source":"https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece"}],"vanir_signatures_modified":"2026-04-12T20:28:26Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}