CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Tenable Nessus•added 2026/05/25 12:0 a.m.•8 views

Linux Distros Unpatched Vulnerability : CVE-2026-41069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in co...

Snyk•added 2026/05/22 11:49 p.m.•6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...

8.1CVSS5.9AI score0.00042EPSS

UbuntuCve•added 2026/05/22 10:16 p.m.•5 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.7AI score0.00042EPSS

OSV•added 2026/05/22 10:16 p.m.•4 views

UBUNTU-CVE-2026-41071

8.1CVSS5.7AI score0.00042EPSS

Exploits1References4

NVD•added 2026/05/22 9:16 p.m.•7 views

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS0.00041EPSS

CVE•added 2026/05/22 8:59 p.m.•33 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1CVSS5.8AI score0.00042EPSS

Exploits1References2Affected Software1

Cvelist•added 2026/05/22 8:59 p.m.•5 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

5.1CVSS0.00042EPSS

AlpineLinux•added 2026/05/22 8:59 p.m.•14 views

CVE-2026-41071

8.1CVSS5.7AI score0.00042EPSS

EUVD•added 2026/05/22 8:59 p.m.•3 views

EUVD-2026-31501

5.1CVSS5.8AI score0.00042EPSS

Vulnrichment•added 2026/05/22 8:59 p.m.•4 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

5.1CVSS5.7AI score0.00042EPSS

ATTACKERKB•added 2026/05/22 8:49 p.m.•2 views

CVE-2026-41069

Exploits1References3Affected Software1

Debian CVE•added 2026/05/22 8:49 p.m.•5 views

CVE-2026-41069

CNNVD•added 2026/05/22 12:0 a.m.•3 views

Exploits1

libheif 代码问题漏洞

Libheif is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of Libheif prior to 1.21.2 have a code vulnerability that can be exploited through format-errors in HEIF sequence files. This vulnerability allows for out-of-bound reads,...

6.5CVSS5.9AI score0.00041EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•7 views

PT-2026-42833

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.21.3 Description An out-of-bounds read can occur in the core sequence parsing logic when processing a malformed HEIF sequence file, leading to a Denial of Service DoS. This happens when a file has stco.entry count s...

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Exploits1References23

Linux Distros Unpatched Vulnerability : CVE-2026-32740

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap- buffer-overflow write vulnerability in the grid tile...

8.8CVSS5.8AI score0.00015EPSS

Tenable Nessus•added 2026/05/22 12:0 a.m.•4 views

Linux Distros Unpatched Vulnerability : CVE-2026-32739

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in...

6.5CVSS5.8AI score0.00047EPSS

Positive Technologies•added 2026/05/22 12:0 a.m.•4 views

PT-2026-42834

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap-buffer-overflow out-of-bounds read occurs in the SampleAuxInfoReader constructor when parsing a crafted HEIF sequence file. The issue arises because the constructor iterates over the number o...

8.1CVSS5.8AI score0.00042EPSS

Exploits1References22

Tenable Nessus•added 2026/05/22 12:0 a.m.•2 views

Linux Distros Unpatched Vulnerability : CVE-2026-32738

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the st...

6.5CVSS5.8AI score0.00057EPSS

SUSE CVE•added 2026/05/21 2:29 a.m.•7 views

SUSE CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5CVSS5.7AI score0.00057EPSS