CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

241 matches found

Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

6.5CVSS5.9AI score0.00199EPSS

Exploits0References3

Cvelist•added 6 days ago•17 views

CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS0.00199EPSS

Exploits0References1

Debian CVE•added 6 days ago•5 views

CVE-2026-49271

6.5CVSS5.8AI score0.00199EPSS

Exploits0

ATTACKERKB•added 6 days ago•4 views

CVE-2026-49271

6.5CVSS5.8AI score0.00199EPSS

Exploits0References2Affected Software1

NVD•added 6 days ago•14 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

9.1CVSS0.00445EPSS

Exploits0References1

CVE•added 6 days ago•12 views

CVE-2025-62821

CVE-2025-62821 affects Microsoft HEIF Image Extensions 1.2.22.0. The issue is an out-of-bounds read caused by CHEIFItemInfoEntry_GetDataSize returning success while reporting data size as 0, leading to a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) without va...

9.1CVSS6AI score0.00445EPSS

Exploits0References1

Cvelist•added 6 days ago•27 views

CVE-2025-62821

0.00445EPSS

Exploits0References1

Tenable Nessus•added 2026/06/18 12:0 a.m.•6 views

Libheif < 1.22.1 OOB Read (macOS)

According to its self-reported version, libheif prior to 1.22.1 is affected by an out-of-bounds read vulnerability. The uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range chec...

6.5CVSS5.9AI score0.00199EPSS

Exploits0References2

Tenable Nessus•added 2026/06/18 12:0 a.m.•9 views

Libheif 1.19.x < 1.23.0 DoS (macOS)

According to its self-reported version, libheif on the remote host is affected by a denial of service vulnerability. A crafted HEIF sequence file can cause libheif to perform unbounded heap allocation due to a missing bound check in the stsz fixed-size mode of the HEIF sequence parser, leading to...

5.9AI score0.00089EPSS

Exploits0References2

RedhatCVE•added 2026/06/15 2:36 p.m.•7 views

CVE-2025-71329

A flaw was found in image-size. A remote attacker can exploit this vulnerability by providing a specially crafted image buffer that contains a zero-valued size field within a recognized box-type. This malicious input can trigger an infinite loop in the JXL or HEIF image parsers, leading to a...

8.7CVSS5.6AI score0.0043EPSS

Exploits1References6

SUSE CVE•added 2026/06/13 2:30 a.m.•9 views

SUSE CVE-2025-71329

image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or...

8.7CVSS5.7AI score0.0043EPSS

Exploits1References3

Snyk•added 2026/06/10 2:38 p.m.•5 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the extractPartialStreams and corresponding extraction functions for HEIF, JP2, and JXL. An attacker supplying an image whose requested box declares a size of zero can hang the parser indefinitely. Note: This is a bypas...

8.7CVSS5.4AI score0.00548EPSS

Exploits2References2

NVD•added 2026/06/10 2:16 p.m.•11 views

CVE-2025-71329

8.7CVSS0.0043EPSS

Exploits1References3

Cvelist•added 2026/06/10 1:4 p.m.•34 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

8.7CVSS0.0043EPSS

Exploits1References3

Vulnrichment•added 2026/06/10 1:4 p.m.•4 views

CVE-2025-71329 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

8.7CVSS5.8AI score0.0043EPSS

Exploits1References3

EUVD•added 2026/06/10 1:4 p.m.•8 views

EUVD-2025-210106

8.7CVSS5.8AI score0.0043EPSS

Exploits1References3

CNNVD•added 2026/06/10 12:0 a.m.•9 views

image-size 资源管理错误漏洞

image-size is a lightweight image size retrieval tool developed by image-size. Versions of image-size 2.0.2 and earlier have security vulnerabilities. These vulnerabilities stem from infinite loops within the JXL or HEIF image parser, which could allow remote attackers to permanently block the...

8.7CVSS6AI score0.0043EPSS

Exploits1References3

Positive Technologies•added 2026/06/10 12:0 a.m.•12 views

PT-2026-48403

Name of the Vulnerable Software and Affected Versions image-size versions prior to 2.0.3 Description A denial of service issue exists where remote attackers can permanently block the Node.js event loop. By supplying a specially crafted image buffer containing a box-type with a zero-valued size...

8.7CVSS5.5AI score0.0043EPSS

Exploits1References8

NVD•added 2026/06/09 9:17 p.m.•11 views

CVE-2025-71319

8.7CVSS0.00548EPSS

Exploits1References3

Vulnrichment•added 2026/06/09 7:57 p.m.•6 views

CVE-2025-71319 image-size 2.0.2 Denial of Service via Infinite Loop in JXL/HEIF Parser

8.7CVSS5.8AI score0.00548EPSS

Exploits1References3

Rows per page