Vulnerability Description:
- The function in the library performs a range check using signed addition, so the addition can overflow as a signed integer and the validation can be bypassed.
- The vulnerable check is in . If is greater than the number of bands, a validation error occurs.
- The unvalidated values are used directly in , which results in an out-of-bounds read and an ASAN crash.

Reproduction Steps:
1. Build with ASAN.
2. Prepare a minimal valid input.
3. Trigger the issue using the standard Vips CLI command.
4. View the full ASAN report, which shows the segmentation fault (SEGV).

Expected Behavior:
- should safely reject invalid ranges and never use overflowed values in pointer arithmetic.

Actual Behavior:
- Because of the signed integer overflow, the range check is bypassed and a SEGV crash occurs in .

Environment:
- OS: Ubuntu 22.04
- Vips version: Master @ 7fab325d2 (ASAN build)

Resolution:
- The issue was fixed by checking bounds using unsigned arithmetic. Relevant commit references include libvips#4877 and libvips#4880.

Status:
- The issue was closed as completed.
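As an added illustration of the overflow pattern this report describes, not code from libvips or from the report: a constructed band-range check in C, the signed form that can be bypassed beside the unsigned form the fix uses. The names `band_range_ok_signed`, `band_range_ok_fixed`, `first`, `n` and `bands` are assumptions, and the wrapping in the signed version is emulated so the effect is deterministic.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example: a band range [first, first + n) is validated against an
 * image with `bands` bands. All three are plain ints, as in a typical C API. */

/* Buggy pattern: the check forms the signed sum `first + n`. For a large
 * `first` that sum overflows, which is undefined behaviour in C; to show the
 * effect reliably the sum is computed in unsigned and converted back, which
 * emulates the two's-complement wrap seen in practice. */
static bool band_range_ok_signed(int first, int n, int bands)
{
    if (first < 0 || n < 0)
        return false;
    int end = (int)((unsigned)first + (unsigned)n); /* emulated wrapped `first + n` */
    return end <= bands; /* wraps negative, so an invalid range passes */
}

/* Fixed pattern (unsigned arithmetic, as in the resolution): once both operands
 * are known to be non-negative ints, their unsigned sum cannot wrap, so the
 * comparison is exact. */
static bool band_range_ok_fixed(int first, int n, int bands)
{
    if (first < 0 || n < 0 || bands < 0)
        return false;
    return (unsigned)first + (unsigned)n <= (unsigned)bands;
}

int main(void)
{
    int bands = 3;
    printf("valid   [1, +2): signed=%d fixed=%d\n",
           band_range_ok_signed(1, 2, bands), band_range_ok_fixed(1, 2, bands));
    printf("invalid [2, +2): signed=%d fixed=%d\n",
           band_range_ok_signed(2, 2, bands), band_range_ok_fixed(2, 2, bands));
    printf("overflow [INT_MAX, +2): signed=%d fixed=%d\n",
           band_range_ok_signed(INT_MAX, 2, bands), band_range_ok_fixed(INT_MAX, 2, bands));
    return 0;
}
```

The third line of output is the bypass: the signed form accepts a range starting at INT_MAX while the unsigned form rejects it.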