Lucene search
K

3090 matches found

EUVD
EUVD
added 2026/05/19 7:49 p.m.10 views

EUVD-2026-30980

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/05/19 7:49 p.m.12 views

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/19 7:49 p.m.7 views

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS5.7AI score0.00303EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/19 7:49 p.m.39 views

CVE-2026-32814 libheif: Uninitialized Heap Memory Information Leak via Failed Grid Tiles

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default, a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized...

6.5CVSS0.00303EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 7:22 p.m.7 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/19 7:22 p.m.8 views

CVE-2026-32740 libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/19 7:22 p.m.15 views

EUVD-2026-30978

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References2
CVE
CVE
added 2026/05/19 7:22 p.m.59 views

CVE-2026-32740

libheif (HEIF/AVIF decoder/encoder) versions

8.8CVSS5.8AI score0.00514EPSS
Exploits1References5Affected Software1
Debian CVE
Debian CVE
added 2026/05/19 7:22 p.m.9 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1
Cvelist
Cvelist
added 2026/05/19 7:22 p.m.40 views

CVE-2026-32740 libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS0.00514EPSS
Exploits1References2
AlpineLinux
AlpineLinux
added 2026/05/19 7:22 p.m.12 views

CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.14 views

libheif 信息泄露漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contained a vulnerability known as information leakage. This vulnerability occurred when decoding grid images, where tile regions that failed to...

6.5CVSS5.8AI score0.00303EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-42006

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description When decoding a HEIF grid image with strict decoding set to false the default, a corrupted tile may fail to decode silently. The library returns heif error Ok without indicating failure, resulting i...

7.1CVSS5.8AI score0.00343EPSS
Exploits1References76
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.11 views

PT-2026-42003

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap-buffer-overflow write exists in the grid tile compositing of the HEIF and AVIF file format decoder and encoder. An attacker can write 64 bytes of controlled data past the end of a chroma plan...

8.8CVSS5.8AI score0.00514EPSS
Exploits3References81
vulnersOsv
vulnersOsv
added 2026/05/14 8:29 p.m.10 views

org.webjars.npm:event-calendar__core (>=3.1.0 <=3.7.1), org.webjars.npm:event-calendar__day-grid (=3.6.2) +2 more potentially affected by CVE-2026-42573 via org.webjars.npm:svelte (>=3.20.1 <=4.2.19)

org.webjars.npm:svelte MAVEN version =3.20.1, =3.1.0, =3.1.0, =3.6.2 - org.webjars.npm:stylesheet-switcher =3.0.0 Source cves: CVE-2026-42573 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16697542...

8.1CVSS5.8AI score0.00319EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2026/05/12 7:57 p.m.11 views

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

6.5CVSS5.8AI score0.00414EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/05/12 7:57 p.m.47 views

CVE-2026-44222 vLLM: Remote DoS via Special-Token Placeholders

vLLM is an inference and serving engine for large language models LLMs. From 0.6.1 to before 0.20.0, there is a a Token Injection vulnerability in vLLM’s multimodal processing. Unauthenticated, text-only prompts that spell special tokens are interpreted as control. Image and video placeholder...

6.5CVSS0.00414EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.8 views

CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.5CVSS5.6AI score0.00258EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/11 8:26 p.m.8 views

CVE-2026-42199

Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expandrows can corrupt the relationship between the grid’s logical dimensions and its backing storage. After the internal invariant is broken, the safe API get may invoke getunchecked...

6.2CVSS5.8AI score0.00132EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/05/11 2:16 p.m.10 views

SUSE CVE-2026-8213

A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit h...

5.3CVSS5.4AI score0.00258EPSS
Exploits1References3
Rows per page
Query Builder