CVE-2026-3281

MEDIUM
2026-02-27 [email protected]
5.3
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Analysis Generated
Mar 12, 2026 - 21:55 vuln.today
Patch Released
Mar 02, 2026 - 17:59 nvd
Patch available
PoC Detected
Mar 02, 2026 - 17:59 vuln.today
Public exploit code
CVE Published
Feb 27, 2026 - 02:16 nvd
MEDIUM 5.3

Tags

Buffer Overflow Heap Overflow Libvips

Description

A vulnerability was detected in libvips 8.19.0. This affects the function vips_bandrank_build of the file libvips/conversion/bandrank.c. Performing a manipulation of the argument index results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit is now public and may be used. The patch is named fd28c5463697712cb0ab116a2c55e4f4d92c4088. It is suggested to install a patch to address this issue.

Analysis

Heap-based buffer overflow in libvips 8.19.0's vips_bandrank_build function can be triggered by manipulating the index argument, allowing local attackers with user privileges to corrupt heap memory and potentially achieve code execution. Public exploit code exists for this vulnerability, and a patch is available to address the issue.

Sign in for full analysis, threat intelligence, and remediation guidance.

Remediation

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Sign in for detailed remediation steps.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Priority Score

47
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +26
POC: +20

Share

CVE-2026-3281 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy