6 matches found
CVE-2025-71319
CVE-2025-71319 affects image-size versions 1.1.0 before 1.2.1 and 2.0.0 before 2.0.2. The vulnerability resides in the findBox function, triggered when processing crafted images with zero-sized boxes (JXL, HEIF, or JP2), causing an infinite loop and denial of service. The issue could lead to appl...
SUSE CVE-2026-28231
pillowheif is a Python library for working with HEIF images and plugin for Pillow. Prior to version 1.3.0, an integer overflow in the encode path buffer validation of pillowheif.c allows an attacker to bypass bounds checks by providing large image dimensions, resulting in a heap out-of-bounds rea...
PT-2026-22391
Name of the Vulnerable Software and Affected Versions pillow heif versions prior to 1.3.0 Description An integer overflow in the encode path buffer validation within pillow heif.c allows an attacker to bypass bounds checks by providing large image dimensions. This can lead to a heap out-of-bounds...
EUVD-2023-1439
Malicious code in bioql PyPI...
Astra Linux – Vulnerability in libheif
A segmentation fault caused by a floating-point exception exists in libheif 1.15.1 when using crafted heif images through the heif::Fraction::round function in box.cc, which results in a denial of service...
Denial Of Services (DoS)
libheif.so is vulnerable to Denial Of Services DoS. The vulnerability exists due to the segmentation fault in the Fraction function of box.cc, allowing an attacker to cause an application crash through the floating point exception by providing maliciously crafted heif images...