| शीर्षक | libvips (libvips project) libvips 8.19.0 Integer Overflow to Buffer Overflow |
|---|
| विवरण | In vips_source_read_to_memory() (called via vips_source_map()), a 64-bit source->length is used to size a GByteArray via g_byte_array_set_size() (32-bit guint). For sources larger than G_MAXUINT (>4GiB), the allocation truncates but the subsequent read loop writes up to the full 64-bit length, causing a heap-buffer-overflow. Triggered when libvips processes a seekable VipsSource with length >4GiB and uses the read-to-memory fallback (e.g., when mmap() is unavailable/fails). |
|---|
| स्रोत | ⚠️ https://github.com/libvips/libvips/issues/4857 |
|---|
| उपयोगकर्ता | Niebelungen (UID 95430) |
|---|
| सबमिशन | 10/02/2026 09:52 AM (2 महीनों पहले) |
|---|
| संयम | 20/02/2026 09:21 PM (10 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 347222 [libvips तक 8.19.0 libvips/iofuncs/source.c vips_source_read_to_memory बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|