Alerts This Week
Warning Icon 1 745
Alerts This Week
Warning Icon 1 745

Fedora 43 vips Key Update Fixes Critical Denial of Service Memory Issue

fedora
Calendar Grey June 22, 2026
Dist Fedora Esm H88
Critical update for Fedora 43's vips 8.18.3 to address multiple security issues and prevent potential exploits.
update to v8.18.3 enable uhdr fix several security issues

Summary

VIPS is an image processing library. It is good for very large images

(even larger than the amount of RAM in your machine), and for working

with color.

This package should be installed if you want to use a program compiled

against VIPS.

Update Information:

update to v8.18.3 enable uhdr fix several security issues

Topics%20covered

Topics Covered

security advisory fedora memory corruption heap overflow local denial of service buffer over-read

Change Log

* Sat Jun 13 2026 Adam Goode - 8.18.3-2 - Upload vips v8.18.3 sources * Sat Jun 13 2026 Kleis Auke Wolthuizen - 8.18.3-1 - Update to 8.18.3 - Drop patches merged upstream - Build against libultrahdr (rhbz#2427101) * Sun May 31 2026 Richard Shaw - 8.18.0-8 - Rebuild for OpenColorIO 2.5.2. * Mon May 25 2026 Richard Shaw - 8.18.0-7 - Rebuild for OpenEXR 3.4.12. * Wed Apr 8 2026 Gwyn Ciesla - 8.18.0-6 - Libraw rebuild * Mon Feb 16 2026 Gwyn Ciesla - 8.18.0-5 - LibRaw rebuild * Tue Jan 20 2026 Mamoru TASAKA - 8.18.0-4 - Fix build with glibc 2.43 which supports C23 * Sat Jan 17 2026 Fedora Release Engineering - 8.18.0-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Sat Dec 20 2025 Kleis Auke Wolthuizen - 8.18.0-2 - Backport upstream patch to fix thumbnail generation on s390x * Wed Dec 17 2025 Kleis Auke Wolthuizen - 8.18.0-1 - Update to 8.18.0 - Resolves: rhbz#2423186 - Build against LibRaw - Switch from spng to libpng (preferred upstream) - Disable new uhdr feature (lack of libuhdr)

References


[ 1 ] Bug #2442677 - CVE-2026-3146 vips: libvips: Local denial of service due to null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442677 [ 2 ] Bug #2442681 - CVE-2026-3145 vips: libvips: Memory corruption via local manipulation [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442681 [ 3 ] Bug #2442683 - CVE-2026-3147 vips: libvips: Heap-based buffer overflow [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442683 [ 4 ] Bug #2443335 - CVE-2026-3282 vips: libvips unpremultiply.c vips_unpremultiply_build out-of-bounds [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443335 [ 5 ] Bug #2443339 - CVE-2026-3284 vips: libvips extract.c vips_extract_area_build integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443339 [ 6 ] Bug #2443343 - CVE-2026-3283 vips: libvips extract.c vips_extract_band_build out-of-bounds [fedora-all] https://bugzilla...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-3b2ddea116' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: vips
Product: Fedora 43
Version: 8.18.3
Release: 2.fc43
URL: https://www.libvips.org/
Summary: C/C++ library for processing large images

Topics%20covered

Topics Covered

security advisory fedora memory corruption heap overflow local denial of service buffer over-read

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here