Submeter #758863: libvips 8.19.0(7fab325d2) Integer Overflow or Wraparoundinformação

Títulolibvips 8.19.0(7fab325d2) Integer Overflow or Wraparound
DescriçãoIn `libvips/conversion/extract.c`, function `vips_extract_band_build()` validates range using signed addition (`extract->band + extract->n > bands`). Large attacker-controlled values can overflow signed `int` and bypass this check. `vips_extract_band_buffer()` then computes `p = in[0] + extract->band * es` and dereferences the invalid pointer in the copy loop, causing out-of-bounds read and crash. The issue is reachable from normal `vips extract_band` CLI usage (with `--vips-max-coord` set high) and is reproducible with ASAN (`SEGV` at `extract.c:378`).
Fonte⚠️ https://github.com/libvips/libvips/issues/4880
Utilizador
 Niebelungen (UID 95430)
Submissão15/02/2026 16h02 (há 4 meses)
Moderação26/02/2026 17h33 (11 days later)
EstadoAceite
Entrada VulDB348012 [libvips 8.19.0 extract.c vips_extract_band_build extract_band Divulgação de Informação]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!