A vulnerability was detected in libvips 8.19.0. This affects the function vipsbandrankbuild of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.
{
"cwe_ids": [
"CWE-119",
"CWE-122"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/3xxx/CVE-2026-3281.json",
"unresolved_ranges": [
{
"extracted_events": [
{
"introduced": "8.19.0"
},
{
"last_affected": "8.19.0"
}
],
"source": "AFFECTED_FIELD"
}
],
"cna_assigner": "VulDB"
}