Browse all 3 CVE security advisories affecting libvips. AI-powered Chinese analysis, POCs, and references for each vulnerability.
libvips serves as a high-image processing library designed for speed and low memory usage, primarily used in web applications and media processing tools. Historically, it has faced vulnerabilities including remote code execution, buffer overflows, and denial-of-service conditions, often stemming from improper input validation in image parsing functions. The library's C-based architecture and focus on streaming processing introduce potential memory safety risks, though its minimal dependencies reduce attack surface compared to larger frameworks. While no major public incidents have been widely documented, the three recorded CVEs highlight ongoing challenges in handling malformed image data, particularly in environments processing untrusted user uploads.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-59933 | libvips is vulnerable to Buffer Over-Read in poppler-based pdfload — libvipsCWE-126 | 8.8AI | HighAI | 2025-09-29 |
| CVE-2025-29769 | libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output — libvipsCWE-122 | 5.5AI | MediumAI | 2025-04-07 |
| CVE-2023-40032 | Potential segfault due to NULL pointer dereference in libvips — libvipsCWE-476 | 5.5 | Medium | 2023-09-11 |
This page lists every published CVE security advisory associated with libvips. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.