Skip to main content

Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

© 2026 Mondoo, Inc.

Privacy Policy Terms of Service Imprint

Vulnerability Intelligence

Vulnerability IntelligenceCVE-2026-3146

CVE-2026-3146

MEDIUM4.8

libvips matrixload.c vips_foreign_load_matrix_header null pointer dereference

Published Feb 25, 2026

Modified 2 weeks ago

Details

A vulnerability has been found in libvips up to 8.18.0. The impacted element is the function vips_foreign_load_matrix_header of the file libvips/foreign/matrixload.c. The manipulation leads to null pointer dereference. The attack needs to be performed locally. The identifier of the patch is d4ce337c76bff1b278d7085c3c4f4725e3aa6ece. To fix this issue, it is recommended to deploy a patch.

References

https://github.com/libvips/libvips/

https://github.com/libvips/libvips/commit/d4ce337c76bff1b278d7085c3c4f4725e3aa6ece

https://github.com/libvips/libvips/issues/4875

https://github.com/libvips/libvips/pull/4888

https://vuldb.com/?ctiid.347652

https://vuldb.com/?id.347652

https://vuldb.com/?submit.758691

https://www.cve.org/CVERecord?id=CVE-2026-3146

CVSS Analysis

CVSS v4.0

4.8

Exploitability

Attack Vector

LocalAV:L

Attack Complexity

LowAC:L

Attack Requirements

NoneAT:N

Privileges Required

LowPR:L

User Interaction

NoneUI:N

Vulnerable System

Vuln. Confidentiality

NoneVC:N

Vuln. Integrity

NoneVI:N

Vuln. Availability

LowVA:L

Subsequent System

Subseq. Confidentiality

NoneSC:N

Subseq. Integrity

NoneSI:N

Subseq. Availability

NoneSA:N

4.8/CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X

Weakness Type (CWE)

Memory Safety

NULL Pointer Dereference

Resource Management

Improper Resource Shutdown

Ecosystems

Timeline

PublishedFeb 25, 2026

ModifiedFeb 25, 2026

CVE-2026-3146 | Mondoo Vulnerability Intelligence