Submeter #755224: libvips (libvips project) libvips 8.19.0 Integer Overflow to Buffer Overflowinformação

Títulolibvips (libvips project) libvips 8.19.0 Integer Overflow to Buffer Overflow
DescriçãoIn vips_source_read_to_memory() (called via vips_source_map()), a 64-bit source->length is used to size a GByteArray via g_byte_array_set_size() (32-bit guint). For sources larger than G_MAXUINT (>4GiB), the allocation truncates but the subsequent read loop writes up to the full 64-bit length, causing a heap-buffer-overflow. Triggered when libvips processes a seekable VipsSource with length >4GiB and uses the read-to-memory fallback (e.g., when mmap() is unavailable/fails).
Fonte⚠️ https://github.com/libvips/libvips/issues/4857
Utilizador
 Niebelungen (UID 95430)
Submissão10/02/2026 09h52 (há 2 meses)
Moderação20/02/2026 21h21 (10 days later)
EstadoAceite
Entrada VulDB347222 [libvips até 8.19.0 libvips/iofuncs/source.c vips_source_read_to_memory Excesso de tampão]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!