Lucene search
K

86 matches found

Debian CVE
Debian CVE
added 2026/06/19 5:16 p.m.10 views

CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.8AI score0.00199EPSS
Exploits0
Ubuntu
Ubuntu
added 2026/06/18 4:41 p.m.18 views

USN-8454-1: libheif vulnerabilities

Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...

8.8CVSS5.1AI score0.00514EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.97 views

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...

8.8CVSS6AI score0.00514EPSS
Exploits1References8
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.85 views

Linux Distros Unpatched Vulnerability : CVE-2026-32740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile...

8.8CVSS6AI score0.00514EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Chromium

The use of after free in libavif in Google Chrome before version 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption through a crafted avif file. Chromium security severity: High...

8.8CVSS7.4AI score0.01118EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Chromium

The use of after free in libavif in Google Chrome before version 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption through a crafted avif file. Chromium security severity: High...

8.8CVSS7.3AI score0.00913EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/19 9:51 p.m.13 views

Use of Uninitialized Resource

Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...

7.1CVSS5.8AI score0.00303EPSS
Exploits0References2
OSV
OSV
added 2026/05/19 8:16 p.m.17 views

UBUNTU-CVE-2026-32740

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8CVSS5.8AI score0.00514EPSS
Exploits1References5
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.11 views

libheif 缓冲区错误漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 contain a buffer error vulnerability. This vulnerability stems from a heap buffer overflow during tile composition, allowing attackers to write...

8.8CVSS6AI score0.00514EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.9 views

WordPress AVIF & SVG Uploader plugin <= 1.1.0 - Author+ Stored XSS via SVG Uplaod vulnerability

Author+ Stored XSS via SVG Uplaod vulnerability discovered by Bob Matyas in WordPress Plugin AVIF & SVG Uploader versions = 1.1.0...

5.4CVSS5.9AI score0.00254EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/18 6:43 a.m.14 views

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS5.3AI score0.00234EPSS
Exploits0References1
NVD
NVD
added 2025/12/17 7:15 a.m.8 views

CVE-2025-13750

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS0.00234EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/17 6:36 a.m.6 views

EUVD-2025-203883

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS4.8AI score0.00234EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/17 6:36 a.m.3 views

CVE-2025-13750 Converter for Media <= 6.3.2 - Missing Authorization to Authenticated (Subscriber+) Optimized Image Deletion via regenerate-attachment REST Endpoint

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS4.9AI score0.00234EPSS
Exploits0References2
CVE
CVE
added 2025/12/17 6:36 a.m.14 views

CVE-2025-13750

Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.

4.3CVSS4.9AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.6 views

PT-2025-51816

The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...

4.3CVSS5.3AI score0.00234EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/13 8:27 a.m.10 views

CVE-2025-12015 Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed <= 2.0.0 - Missing Authorization to Authenticated (Subscriber+) Afosto Disconnect

The Convert WebP & AVIF | Quicq | Best image optimizer and compression plugin | Improve your Google Pagespeed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxwpqaidisconnectquicqafosto' AJAX endpoint in all versions up to, an...

4.3CVSS0.00194EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/11/13 12:0 a.m.10 views

PT-2025-46793

Name of the Vulnerable Software and Affected Versions Convert WebP & AVIF | Quicq versions prior to 2.0.1 Description The Convert WebP & AVIF | Quicq WordPress plugin is susceptible to unauthorized data modification. This is due to a missing capability check on the wp ajax wpqai disconnect quicq...

4.3CVSS6.3AI score0.00194EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15238

Malicious code in bioql PyPI...

5.4CVSS6.6AI score0.00254EPSS
Exploits1References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-36756

Malicious code in bioql PyPI...

8.8CVSS9.1AI score0.00312EPSS
Exploits0References1
Rows per page
Query Builder