Lucene search
K

24 matches found

RedhatCVE
RedhatCVE
added 6 days ago6 views

CVE-2026-49271

A flaw was found in libheif, a decoder and encoder for HEIF and AVIF file formats. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF file. The uncompressed HEIF decoder's validation of icef compressed-unit offsets can experience an integer wrap-around. This...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References4
Snyk
Snyk
added 2026/06/19 7:8 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.10 views

Libheif 1.19.x < 1.23.0 DoS (macOS)

According to its self-reported version, libheif on the remote host is affected by a denial of service vulnerability. A crafted HEIF sequence file can cause libheif to perform unbounded heap allocation due to a missing bound check in the stsz fixed-size mode of the HEIF sequence parser, leading to...

5.9AI score0.00089EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/25 11:8 p.m.13 views

CVE-2026-41071

A flaw was found in libheif, a library for decoding and encoding HEIF High Efficiency Image File Format and AVIF files. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF sequence file. When parsing the file, if the saiz sample auxiliary information box...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/22 8:59 p.m.11 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.7AI score0.00302EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/22 8:59 p.m.11 views

EUVD-2026-31501

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.8AI score0.00302EPSS
Exploits1References2
CVE
CVE
added 2026/05/22 8:59 p.m.87 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/22 8:59 p.m.27 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS0.00302EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2026-32738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the st...

6.5CVSS5.8AI score0.00301EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/19 7:3 p.m.8 views

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00301EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.18 views

PT-2026-41995

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...

8.8CVSS5.8AI score0.00514EPSS
Exploits3References75
OSV
OSV
added 2026/02/04 7:37 a.m.4 views

SUSE-SU-2026:0377-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: Fixed heap buffer over-read in HeifPixelImage::overlay via crafted HEIF that exercises the overlay image item bsc1255735...

7.1CVSS6AI score0.00267EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/01/26 12:0 a.m.4 views

openSUSE 16 Security Update : libheif (openSUSE-SU-2026:20076-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20076-1 advisory. - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735. Tenable...

7.1CVSS6.1AI score0.00267EPSS
Exploits1References3
OSV
OSV
added 2026/01/22 11:0 a.m.3 views

OPENSUSE-SU-2026:20076-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1CVSS6AI score0.00267EPSS
Exploits1References2
OSV
OSV
added 2026/01/22 10:59 a.m.4 views

SUSE-SU-2026:20121-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1CVSS5.9AI score0.00267EPSS
Exploits1References3
CERT
CERT
added 2026/01/20 12:0 a.m.12 views

Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...

6.3AI score
Exploits0References3
OSV
OSV
added 2026/01/09 3:19 p.m.1 views

SUSE-SU-2026:0087-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: Fixed heap buffer over-read in HeifPixelImage::overlay via crafted HEIF that exercises the overlay image item bsc1255735...

7.1CVSS7.2AI score0.00267EPSS
Exploits1References3
OSV
OSV
added 2025/12/29 7:15 p.m.3 views

ALPINE-CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...

7.1CVSS5.6AI score0.00267EPSS
Exploits1References1
AlpineLinux
AlpineLinux
added 2025/12/29 7:9 p.m.3 views

CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...

7.1CVSS7AI score0.00267EPSS
Exploits1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.6 views

libheif 输入验证错误漏洞

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. An input validation error vulnerability exists in versions prior to libheif 1.21.0, which stems from a specially crafted HEIF file triggering an over-read of the heap buffer, which may result in a...

7.1CVSS7.2AI score0.00267EPSS
Exploits1References4
Rows per page
Query Builder