7 matches found
CVE-2026-44512
Open Neural Network Exchange (ONNX) has a vulnerability in version_converter.convert_version() for opset upgrades prior to 1.22.0. The Upsample_6_7 adapter dereferences inputs()[0] without validating that inputs exist, causing a null-pointer dereference (SIGSEGV) when processing a model with an U...
DEBIAN-CVE-2026-41071
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
CVE-2026-32882 libheif: Heap Buffer OOB Read in overlay compositing due to wrong alpha stride
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay in libheif/pixelimage.cc. When compositing an overlay image iovl whose child image has a different bit depth for the alpha channel than for the color...
CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...
CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
PT-2026-42003
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap-buffer-overflow write exists in the grid tile compositing of the HEIF and AVIF file format decoder and encoder. An attacker can write 64 bytes of controlled data past the end of a chroma plan...
EUVD-2025-35361
Hugging Face Smolagents XPath injection vulnerability in the searchitemctrlf function...