A vulnerability was found in libvips up to 8.19.0. It has been rated as problematic. The affected element is the function vips_source_read_to_memory in the file libvips/iofuncs/source.c. Manipulation of this function causes a heap-based buffer overflow.

This vulnerability is tracked as CVE-2026-2913. The attack can be launched on the local host. Additionally, an exploit exists.

Applying a patch is the recommended action to fix this issue.

The confirmation of the bugfix mentions: “[T]he impact of this is negligible, since this only affects custom seekable sources larger than 4 GiB (and the crash occurs in user code rather than libvips itself).”