libvips Out-of-Bounds Read Vulnerability in Unpremultiply Function

Vulnerability

An out-of-bounds read vulnerability has been identified in libvips version 8.19.0. The issue arises in the unpremultiply function, where the alpha_band parameter is not validated against the image's band count before being used as a direct index into pixel data. This missing check leads to unauthorized memory access, specifically a heap-buffer-overflow as reported by AddressSanitizer. The vulnerability must be exploited locally, and a proof-of-concept exploit is available.

Impact

Exploitation of this vulnerability causes a heap-buffer-overflow, leading to out-of-bounds memory access.

Reproduction

The vulnerability can be reproduced by using the 'vips' command-line tool with the 'unpremultiply' operation. After preparing a 3-band image, the 'unpremultiply' command can be executed with an 'alpha-band' value that exceeds the valid band range, such as 10. This triggers the out-of-bounds access in the 'vips_unpremultiply_gen' function, causing the reported heap-buffer-overflow.
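The missing validation described above, as an added example in C that is not libvips code: a hypothetical unpremultiply_line over interleaved 8-bit pixels with the alpha_band range check that the advisory says 8.19.0 lacks. The function name, sample pixel data and the clamp-to-255 behaviour are assumptions for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed sample scanline: two 3-band pixels, alpha in band 2.
 * Pixel x occupies in[x*bands .. x*bands+bands-1]. */
static const uint8_t sample_in[6] = {64, 32, 128, 10, 20, 0};
static uint8_t sample_out[6];

/* Unpremultiply one scanline: divide each colour band by the alpha band.
 * Returns 0 on success, -1 on invalid arguments. The alpha_band range
 * check is the validation the advisory describes as missing: without it,
 * p[alpha_band] reads beyond the pixel and, on the last pixel, beyond the
 * heap buffer. */
int unpremultiply_line(const uint8_t *in, uint8_t *out, int width,
                       int bands, int alpha_band)
{
    if (in == NULL || out == NULL || width < 0 || bands < 1)
        return -1;
    if (alpha_band < 0 || alpha_band >= bands)   /* the missing bound check */
        return -1;

    for (int x = 0; x < width; x++) {
        const uint8_t *p = in + (size_t)x * bands;
        uint8_t *q = out + (size_t)x * bands;
        int alpha = p[alpha_band];

        for (int b = 0; b < bands; b++) {
            if (b == alpha_band) {
                q[b] = (uint8_t)alpha;                 /* alpha passes through */
            } else if (alpha == 0) {
                q[b] = 0;                               /* fully transparent */
            } else {
                int v = p[b] * 255 / alpha;             /* undo premultiply */
                q[b] = (uint8_t)(v > 255 ? 255 : v);   /* clamp to 8 bits */
            }
        }
    }
    return 0;
}

int main(void)
{
    /* alpha_band 10 on a 3-band image is rejected instead of read */
    printf("alpha_band 10: %d\n", unpremultiply_line(sample_in, sample_out, 2, 3, 10));
    if (unpremultiply_line(sample_in, sample_out, 2, 3, 2) == 0)
        printf("pixel 0: %u %u %u\n", sample_out[0], sample_out[1], sample_out[2]);
    return 0;
}
```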

Remediation

Users are advised to update to libvips version 8.19.1 or later, where this vulnerability has been fixed.

Added: Feb 27, 2026, 3:23 AM
Updated: Feb 27, 2026, 3:23 AM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 0.6
exploitability: 4.6
remediation: 7.7
relevance: 3.3
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.