CVE-2025-59933
Published: 09/29/2025 22:15:36
libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a width but not a height. Builds of libvips compiled without support for PDF input are unaffected, as are builds with support for PDF input via PDFium. This issue is fixed in version 8.17.2. A workaround for those affected is to block the VipsForeignLoadPdf operation via vips_operation_block_set, which is available in most language bindings, or to set the VIPS_BLOCK_UNTRUSTED environment variable at runtime, which will block all untrusted loaders, including PDF input via poppler.
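The exposure check and both workarounds described above, as an added example (not code from libvips or from this advisory page). The helper names, the pdf_backend labels and the inventory rows are assumptions of this example; pyvips.operation_block_set is the pyvips binding for vips_operation_block_set.

```python
import re

FIXED = (8, 17, 2)  # first fixed libvips release, per the advisory


def parse_version(text):
    """Return (major, minor, micro) from text such as 'vips-8.17.1'."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no libvips version found in {text!r}")
    return tuple(int(p or 0) for p in m.groups())


def is_exposed(version_text, pdf_backend):
    """True when a build matches the advisory: below 8.17.2 with poppler PDF input.

    pdf_backend is supplied by the caller (an assumption of this example):
    'poppler', 'pdfium', or None when PDF input is not compiled in.
    """
    return pdf_backend == "poppler" and parse_version(version_text) < FIXED


def hardened_env(env):
    """Copy of env with VIPS_BLOCK_UNTRUSTED set, for launching a libvips worker."""
    out = dict(env)
    out["VIPS_BLOCK_UNTRUSTED"] = "1"  # the value "1" is this example's choice
    return out


def block_pdfload():
    """In-process workaround: block the PDF loader named in the advisory."""
    import pyvips  # lazy import so the triage helpers run without pyvips
    pyvips.operation_block_set("VipsForeignLoadPdf", True)


# Constructed inventory: (host, `vips --version` text, PDF backend).
INVENTORY = [
    ("thumb-01", "vips-8.17.1", "poppler"),
    ("thumb-02", "vips-8.17.2", "poppler"),
    ("render-01", "vips-8.16.0", "pdfium"),
    ("api-01", "vips-8.15.3", None),
]


def exposed_hosts(inventory):
    """Hosts that need the upgrade or one of the two workarounds."""
    return [host for host, ver, backend in inventory if is_exposed(ver, backend)]


if __name__ == "__main__":
    print(exposed_hosts(INVENTORY))
```

Call block_pdfload() once at start-up, before the process loads any untrusted file, or pass hardened_env(os.environ) as the environment when spawning a libvips-based worker.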
Unknown
CVSS v2:
Status
| DocFilters Release | Package | State | Justification | Comment |
|---|---|---|---|---|
| 0.0.0.1 | pdfium (5060) | Needs Triage | | |
| 25.3 | pdfium (5060) | Needs Triage | | |
| 25.2 | pdfium (5060) | Needs Triage | | |
| 25.1.1 | pdfium (5060) | Needs Triage | | |
| 25.1 | pdfium (5060) | Needs Triage | | |
| 24.4 | pdfium (5060) | Needs Triage | | |
| 24.4.0 | pdfium (5060) | Needs Triage | | |
| 24.3 | pdfium (5060) | Needs Triage | | |
| 24.2.1 | pdfium (5060) | Needs Triage | | |
| 24.2 | pdfium (5060) | Needs Triage | | |
| 24.1 | pdfium (5060) | Needs Triage | | |
| 23.3 | pdfium (5060) | Needs Triage | | |
| 23.2.1 | pdfium (5060) | Needs Triage | | |
| 23.2 | pdfium (5060) | Needs Triage | | |
| 23.1 | pdfium (5060) | Needs Triage | | |
| 22.4 | pdfium (5060) | Needs Triage | | |
| 22.3 | pdfium (5060) | Needs Triage | | |