CVE-2026-3147 | libvips up to 8.18.0 csvload.c vips_foreign_load_csv_build heap-based overflow (Issue 4874)

A vulnerability was found in libvips up to 8.18.0 and classified as critical. This affects the function vips_foreign_load_csv_build of the file libvips/foreign/csvload.c. The manipulation results in heap-based buffer overflow.

This vulnerability is reported as CVE-2026-3147. The attack requires a local approach. Moreover, an exploit is present.

It is advisable to implement a patch to correct this issue.VulDB Recent EntriesRead More