CVE-2025-59933Buffer Over-read in Libvips

CWE-126Buffer Over-read3 documents3 sources
Severity
5.1MEDIUMNVD
EPSS
0.0%
top 95.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
LibvipsDebian Vips
Timeline
PublishedSep 29

Description

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Those using libvips compiled without support for PDF input are unaffected as well as thosewith support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workar

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L

Affected Packages2 packages

NVDlibvips/libvips< 8.17.2
debiandebian/vips< vips 8.17.3-1 (forky)

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
OSV
CVE-2025-59933: libvips is a demand-driven, horizontally threaded image processing library2025-09-29

📋Vendor Advisories

1
Debian
CVE-2025-59933: vips - libvips is a demand-driven, horizontally threaded image processing library. For ...2025
CVE-2025-59933 — Buffer Over-read in Libvips | cvebase