8 matches found
CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
CVE-2026-41071
CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...
openSUSE 16 Security Update : libheif (openSUSE-SU-2026:20076-1)
The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20076-1 advisory. - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735. Tenable...
OPENSUSE-SU-2026:20076-1 Security update for libheif
This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...
SUSE-SU-2026:20121-1 Security update for libheif
This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...
Libheif uncompressed codec lacks bounds check leading to application crash
Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...
CVE-2020-23109
Buffer overflow vulnerability in function convertcolorspace in heifcolorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...