Lucene search
+L

8 matches found

vulnrichment
vulnrichment
added 2026/05/22 8:59 p.m.11 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.7AI score0.00302EPSS
Exploits1References2
cvelist
cvelist
added 2026/05/22 8:59 p.m.31 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS0.00302EPSS
Exploits1References2
cve
cve
added 2026/05/22 8:59 p.m.90 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2Affected Software1
nessus
nessus
added 2026/01/26 12:0 a.m.4 views

openSUSE 16 Security Update : libheif (openSUSE-SU-2026:20076-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20076-1 advisory. - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735. Tenable...

7.1CVSS6.1AI score0.00267EPSS
Exploits1References3
osv
osv
added 2026/01/22 11:0 a.m.4 views

OPENSUSE-SU-2026:20076-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1CVSS6AI score0.00267EPSS
Exploits1References2
osv
osv
added 2026/01/22 10:59 a.m.5 views

SUSE-SU-2026:20121-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1CVSS5.9AI score0.00267EPSS
Exploits1References3
cert
cert
added 2026/01/20 12:0 a.m.13 views

Libheif uncompressed codec lacks bounds check leading to application crash

Overview An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...

6.3AI score
Exploits0References3
nvd
nvd
added 2021/11/03 5:15 p.m.25 views

CVE-2020-23109

Buffer overflow vulnerability in function convertcolorspace in heifcolorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file...

8.1CVSS0.01245EPSS
Exploits1References1
Rows per page
Query Builder