Debian Patches
Status for vips/8.18.0-3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| CVE-2026-2913.patch | source: guard against length truncation (#4858) GByteArray stores its length as guint, while libvips uses a 64-bit length. Passing values larger than UINT_MAX could silently truncate the length. Add checks to prevent overflow. | Kleis Auke Wolthuizen <github@kleisauke.nl> | no | | | 2026-02-12 |
| CVE-2026-3283_CVE-2026-3284.patch | extract: check bounds using unsigned arith #4879 #4880 (#4887) | Lovell Fuller <lovell@users.noreply.github.com> | no | | | 2026-02-19 |
| CVE-2026-3145_CVE-2026-3146.patch | matrixload: guard against empty and very large inputs (#4888) Also ensure consistent matrixload error message prefix | Lovell Fuller <lovell@users.noreply.github.com> | no | | | 2026-02-19 |
| CVE-2026-3282.patch | unpremultiply: check alpha_band is in range #4881 (#4886) | Lovell Fuller <lovell@users.noreply.github.com> | no | | | 2026-02-19 |
| CVE-2026-3147.patch | csvload: check whitespace and separator are ASCII (#4894) | Lovell Fuller <lovell@users.noreply.github.com> | no | | | 2026-02-21 |
| CVE-2026-3281.patch | bandrank: check index is in range #4878 (#4895) | Lovell Fuller <lovell@users.noreply.github.com> | no | | | 2026-02-22 |
All known versions for source package 'vips'
- 8.18.0-3 (sid)
- 8.18.0-2 (forky)
- 8.16.1-1 (trixie)
- 8.14.1-3+deb12u2 (bookworm-security, bookworm)
