| शीर्षक | libvips 8.19.0(7fab325d2) Integer Overflow or Wraparound |
|---|
| विवरण | In `libvips/conversion/extract.c`, function `vips_extract_area_build()` uses signed additions (`left + width`, `top + height`) in bounds checks. Large attacker-controlled coordinates can overflow and bypass validation. `vips_extract_area_gen()` propagates these unchecked offsets into region copy preparation, reaching invalid `memcpy` paths via `vips_region_copy`. The issue is reachable through normal `vips extract_area` CLI usage (with `--vips-max-coord` set high) and is reproducible with ASAN as `SEGV`. |
|---|
| स्रोत | ⚠️ https://github.com/libvips/libvips/issues/4879 |
|---|
| उपयोगकर्ता | Niebelungen (UID 95430) |
|---|
| सबमिशन | 15/02/2026 04:03 PM (4 महीनों पहले) |
|---|
| संयम | 26/02/2026 05:33 PM (11 days later) |
|---|
| स्थिति | स्वीकृत |
|---|
| VulDB प्रविष्टि | 348013 [libvips 8.19.0 extract.c vips_extract_area_build extract_area बफ़र ओवरफ़्लो] |
|---|
| अंक | 20 |
|---|