Main Vulnerability Database SB2025093010

SB2025093010 - Out-of-bounds read in libvips

Published: September 30, 2025

Security Bulletin ID SB2025093010

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Out-of-bounds read (CVE-ID: CVE-2025-59933)

The vulnerability allows a local attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in poppler-based pdfload. A local attacker can trigger an out-of-bounds read error and read contents of memory on the system.

Remediation

Install update from vendor's website.

References

https://github.com/libvips/libvips/commit/a58bfae9223a5466cc81ba9fe6dfb08233cf17d1
https://github.com/libvips/libvips/releases/tag/v8.17.2
https://github.com/libvips/libvips/security/advisories/GHSA-q8px-4w5q-c2r4