CVE-2026-6491

| EUVD-2026-23432 MEDIUM
2026-04-17 VulDB
Heap Overflow Buffer Overflow Libvips
4.8
CVSS 4.0
Share

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Apr 17, 2026 - 14:28 vuln.today
CVSS Changed
Apr 17, 2026 - 14:22 NVD
5.3 (MEDIUM) 4.8 (MEDIUM)

DescriptionNVD

A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such manipulation of the argument n leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed publicly and may be used. The vendor confirms that they will "be removing the deprecated area in libvips 8.19".

AnalysisAI

Heap-based buffer overflow in libvips up to version 8.18.2 via the deprecated im_minpos_vec function in libvips/deprecated/vips7compat.c allows authenticated local attackers to trigger memory corruption through manipulation of the argument n, with publicly available exploit code confirmed and vendor commitment to remove the deprecated code in libvips 8.19.

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-6491 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy