Debian Patches
Status for vips/8.18.0-2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2026-2913.patch | source: guard against length truncation (#4858) GByteArray stores its length as guint, while libvips uses a 64-bit length. Passing values larger than UINT_MAX could silently truncate the length. Add checks to prevent overflow. |
Kleis Auke Wolthuizen <github@kleisauke.nl> | no | 2026-02-12 |
All known versions for source package 'vips'
- 8.18.0-3 (sid)
- 8.18.0-2 (forky)
- 8.16.1-1 (trixie)
- 8.14.1-3+deb12u2 (bookworm-security, bookworm)