Alerts This Week
Warning Icon 1 745
Alerts This Week
Warning Icon 1 745

Fedora 44 vips Critical Denial of Service Memory Issues 2026-b9f00ad1b7

fedora
Calendar Grey June 22, 2026
Dist Fedora Esm H88
Essential Fedora 44 update for vips 8.18.3 fixes critical security flaws, ensuring reliability and stability.
update to v8.18.3 enable uhdr fix several security issues

Summary

VIPS is an image processing library. It is good for very large images

(even larger than the amount of RAM in your machine), and for working

with color.

This package should be installed if you want to use a program compiled

against VIPS.

Update Information:

update to v8.18.3 enable uhdr fix several security issues

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical memory corruption local denial of service

Change Log

* Sat Jun 13 2026 Adam Goode - 8.18.3-2 - Upload vips v8.18.3 sources * Sat Jun 13 2026 Kleis Auke Wolthuizen - 8.18.3-1 - Update to 8.18.3 - Drop patches merged upstream - Build against libultrahdr (rhbz#2427101) * Sun May 31 2026 Richard Shaw - 8.18.0-8 - Rebuild for OpenColorIO 2.5.2. * Mon May 25 2026 Richard Shaw - 8.18.0-7 - Rebuild for OpenEXR 3.4.12.

References


[ 1 ] Bug #2442677 - CVE-2026-3146 vips: libvips: Local denial of service due to null pointer dereference [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442677 [ 2 ] Bug #2442681 - CVE-2026-3145 vips: libvips: Memory corruption via local manipulation [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442681 [ 3 ] Bug #2442683 - CVE-2026-3147 vips: libvips: Heap-based buffer overflow [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2442683 [ 4 ] Bug #2443335 - CVE-2026-3282 vips: libvips unpremultiply.c vips_unpremultiply_build out-of-bounds [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443335 [ 5 ] Bug #2443339 - CVE-2026-3284 vips: libvips extract.c vips_extract_area_build integer overflow [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2443339 [ 6 ] Bug #2443343 - CVE-2026-3283 vips: libvips extract.c vips_extract_band_build out-of-bounds [fedora-all] https://bugzilla...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-b9f00ad1b7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: vips
Product: Fedora 44
Version: 8.18.3
Release: 2.fc44
URL: https://www.libvips.org/
Summary: C/C++ library for processing large images

Topics%20covered

Topics Covered

security advisory fedora buffer overflow critical memory corruption local denial of service

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here