10 matches found
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...
CVE-2025-71319
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...
UBUNTU-CVE-2026-41071
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
UBUNTU-CVE-2026-32740
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
libheif 缓冲区错误漏洞
LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...
CVE-2026-43906 OpenImageIO: HEIF Heap overflow
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...
OpenImageIO 安全漏洞
OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained security vulnerabilities. These vulnerabilities were caused by...
GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing
Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...
CVE-2024-40630 HEIF Heap OOB Read in OpenImageIO
OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...
heif 代码问题漏洞
HEIF refers to High Efficiency Image File Format, a file format for single images or image sequences. nalutil.cpp in HEIF 3.6.2 and earlier versions of nalutil.cpp contains a null pointer dereference vulnerability in the convertByteStreamToRBSP function. An attacker could exploit this vulnerabili...