Lucene search
K

10 matches found

Snyk
Snyk
added 2026/06/10 2:38 p.m.8 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

8.7CVSS5.4AI score0.00625EPSS
Exploits2References2
NVD
NVD
added 2026/06/09 9:17 p.m.12 views

CVE-2025-71319

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS0.00625EPSS
Exploits1References7
OSV
OSV
added 2026/05/22 10:16 p.m.7 views

UBUNTU-CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.7AI score0.00302EPSS
Exploits1References5
OSV
OSV
added 2026/05/19 8:16 p.m.6 views

UBUNTU-CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from excessive heap buffer reading in the HeifPixelImage::overlay function, where a...

7.1CVSS6AI score0.00323EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/14 6:54 p.m.34 views

CVE-2026-43906 OpenImageIO: HEIF Heap overflow

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metada...

8.5CVSS0.00188EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.10 views

OpenImageIO 安全漏洞

OpenImageIO is an open-source image processing library developed by OpenImageIO. It features a user-friendly interface and a large number of supported image formats. Versions of OpenImageIO prior to 3.0.18.0 and 3.1.13.0 contained security vulnerabilities. These vulnerabilities were caused by...

8.5CVSS6AI score0.00188EPSS
Exploits1References1
OSV
OSV
added 2025/04/02 3:4 p.m.5 views

GHSA-M5QC-5HW7-8VG7 image-size Denial of Service via Infinite Loop during Image Processing

Summary image-size is vulnerable to a Denial of Service vulnerability when processing specially crafted images. The issue occurs because of an infine loop in findBox when processing certain images with a box with size 0. Details If the first bytes of the input does not match any bytes in...

8.7CVSS5.9AI score0.00625EPSS
Exploits1References7
Vulnrichment
Vulnrichment
added 2024/07/15 7:15 p.m.18 views

CVE-2024-40630 HEIF Heap OOB Read in OpenImageIO

OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation via a format-agnostic API with a feature set, scalability, and robustness needed for feature film production. In affected versions there is a bug in the heif input...

4.3CVSS6.4AI score0.00448EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/09/20 12:0 a.m.5 views

heif 代码问题漏洞

HEIF refers to High Efficiency Image File Format, a file format for single images or image sequences. nalutil.cpp in HEIF 3.6.2 and earlier versions of nalutil.cpp contains a null pointer dereference vulnerability in the convertByteStreamToRBSP function. An attacker could exploit this vulnerabili...

5.5CVSS5.8AI score0.00621EPSS
Exploits1References2
Rows per page
Query Builder