Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-d5bp-3xp3-uygr

Summary A vulnerability has been found in libvips 8.19.0. This issue affects the function vips_extract_band_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_band leads to out-of-bounds read. The attack needs to be performed locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is 24795bb3d19d84f7b6f5ed86451ad556c8f2fe70. To fix this issue, it is recommended to deploy a patch.

Aliases

alias	CVE-2026-3283

Fixed_packages

url pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3?distro=trixie

purl pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w1c6-b16t-ufcv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.1-3%252Bdeb12u3%3Fdistro=trixie

url pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3

purl pkg:deb/debian/vips@8.14.1-3%2Bdeb12u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w1c6-b16t-ufcv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.14.1-3%252Bdeb12u3

url pkg:deb/debian/vips@8.16.1-1%2Bdeb13u1?distro=trixie

purl pkg:deb/debian/vips@8.16.1-1%2Bdeb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-w1c6-b16t-ufcv

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.16.1-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/vips@8.18.0-3?distro=trixie
purl	pkg:deb/debian/vips@8.18.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.0-3%3Fdistro=trixie

url	pkg:deb/debian/vips@8.18.2-1?distro=trixie
purl	pkg:deb/debian/vips@8.18.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.2-1%3Fdistro=trixie

url	pkg:deb/debian/vips@8.18.3-1?distro=trixie
purl	pkg:deb/debian/vips@8.18.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.18.3-1%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/vips@8.10.5-2?distro=trixie

purl pkg:deb/debian/vips@8.10.5-2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8946-28v3-6yh7

vulnerability	VCID-cz3w-5229-yqbb

vulnerability	VCID-d5bp-3xp3-uygr

vulnerability	VCID-dfdn-svbh-5uhx

vulnerability	VCID-jy3m-nthz-g3e6

vulnerability	VCID-quau-v1s5-b3a4

vulnerability	VCID-um8m-4ww1-tke3

vulnerability	VCID-w1c6-b16t-ufcv

vulnerability	VCID-zcms-g4vq-4bgs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.10.5-2%3Fdistro=trixie

url pkg:deb/debian/vips@8.10.5-2

purl pkg:deb/debian/vips@8.10.5-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3vx1-357j-6qh3

vulnerability	VCID-8946-28v3-6yh7

vulnerability	VCID-cz3w-5229-yqbb

vulnerability	VCID-d5bp-3xp3-uygr

vulnerability	VCID-dfdn-svbh-5uhx

vulnerability	VCID-jy3m-nthz-g3e6

vulnerability	VCID-quau-v1s5-b3a4

vulnerability	VCID-um8m-4ww1-tke3

vulnerability	VCID-w1c6-b16t-ufcv

vulnerability	VCID-zcms-g4vq-4bgs

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/vips@8.10.5-2

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3283

reference_id

reference_type

scores

value	0.0001
scoring_system	epss
scoring_elements	0.01287
published_at	2026-06-11T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01295
published_at	2026-06-14T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01291
published_at	2026-06-13T12:55:00Z

value	0.0001
scoring_system	epss
scoring_elements	0.01283
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3283

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3283
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3283

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129310
reference_id	1129310
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129310

reference_url

https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

reference_id

24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://github.com/libvips/libvips/commit/24795bb3d19d84f7b6f5ed86451ad556c8f2fe70

reference_url

https://github.com/libvips/libvips/issues/4880

reference_id

4880

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://github.com/libvips/libvips/issues/4880

reference_url

https://github.com/libvips/libvips/issues/4880#issue-3944214985

reference_id

4880#issue-3944214985

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://github.com/libvips/libvips/issues/4880#issue-3944214985

reference_url

https://github.com/libvips/libvips/pull/4887

reference_id

4887

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://github.com/libvips/libvips/pull/4887

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libvips:libvips::::::::
reference_id	cpe:2.3:a:libvips:libvips::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libvips:libvips::::::::

reference_url

https://vuldb.com/?ctiid.348012

reference_id

?ctiid.348012

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://vuldb.com/?ctiid.348012

reference_url

https://vuldb.com/?id.348012

reference_id

?id.348012

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://vuldb.com/?id.348012

reference_url

https://github.com/libvips/libvips/

reference_id

libvips

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://github.com/libvips/libvips/

reference_url

https://vuldb.com/?submit.758863

reference_id

?submit.758863

reference_type

scores

value	1.7
scoring_system	cvssv2
scoring_elements	AV:L/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C

value	4.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-27T18:49:06Z/

url

https://vuldb.com/?submit.758863

Weaknesses

cwe_id	119
name	Improper Restriction of Operations within the Bounds of a Memory Buffer
description	The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

cwe_id	125
name	Out-of-bounds Read
description	The product reads data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 1.7 - 4.8

Exploitability 0.5

Weighted_severity 4.3

Risk_score 2.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d5bp-3xp3-uygr

Vulnerability Instance