Lucene search
K

257 matches found

Tenable Nessus
Tenable Nessus
added 2026/07/02 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-50142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The vulnerability exists due to a missing boundary check on the sample size stsz box fixed-size parameter inside the HEIF sequence parser of libheif. When a...

6.1AI score0.00089EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/30 6:45 a.m.7 views

CVE-2026-49271

A flaw was found in libheif, a decoder and encoder for HEIF and AVIF file formats. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF file. The uncompressed HEIF decoder's validation of icef compressed-unit offsets can experience an integer wrap-around. This...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References4
Ubuntu
Ubuntu
added 2026/06/29 3:54 p.m.9 views

USN-8479-1: libheif vulnerabilities

It was discovered that libheif incorrectly handled certain crafted HEIF files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. CVE-2026-47178 It was discovered that libheif incorrectly validated offsets when decoding certain crafted HEIF files. An...

6.5CVSS6AI score0.00199EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in libheif

libheif is a decoder and encoder for HEIF and AVIF file formats. In versions 1.21.2 and earlier, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track’s chunk table could cause a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in libheif

libheif is a decoder and encoder for HEIF and AVIF file formats. In versions 1.21.2 and earlier, a crafted 800-byte HEIF sequence file could cause an infinite loop in the Boxstts::getsampleduration function. This loop consumed 100% of the CPU resources indefinitely, with no progress being made,...

6.5CVSS5.8AI score0.0032EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in libheif

libheif is a decoder and encoder for HEIF and AVIF file formats. Prior to version 1.21.0, a crafted HEIF file that used overlay image item paths triggered a heap buffer overflow in HeifPixelImage::overlay. This function calculated a negative row length likely derived from an unclipped overlay...

7.1CVSS6.3AI score0.00267EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/24 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2025-71319

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a...

8.7CVSS6.2AI score0.0064EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

6.5CVSS6AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:8 p.m.6 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/19 5:16 p.m.4 views

CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/06/19 5:16 p.m.1 views

CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.9AI score0.00199EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/19 5:16 p.m.38 views

CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS0.00199EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/19 5:16 p.m.9 views

CVE-2026-49271

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector...

6.5CVSS5.8AI score0.00199EPSS
Exploits0
NVD
NVD
added 2026/06/19 2:16 p.m.23 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

9.1CVSS0.00823EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/19 12:0 a.m.32 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

0.00823EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/06/19 12:0 a.m.20 views

PT-2026-50877

Name of the Vulnerable Software and Affected Versions Microsoft HEIF Image Extensions version 1.2.22.0 Description An out-of-bounds read occurs because the CHEIFItemInfoEntry GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...

9.1CVSS6AI score0.00823EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2026/06/19 12:0 a.m.10 views

CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntryGetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copysize = stride absroiheight but does not check the...

6AI score0.00823EPSS
Exploits1References2
CVE
CVE
added 2026/06/19 12:0 a.m.17 views

CVE-2025-62821

CVE-2025-62821 affects Microsoft HEIF Image Extensions 1.2.22.0. The issue is an out-of-bounds read caused by CHEIFItemInfoEntry_GetDataSize returning success while reporting data size as 0, leading to a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) without va...

9.1CVSS6AI score0.00823EPSS
Exploits1References1Affected Software1
Ubuntu
Ubuntu
added 2026/06/18 4:41 p.m.18 views

USN-8454-1: libheif vulnerabilities

Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...

8.8CVSS5.1AI score0.00514EPSS
Exploits5
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.11 views

Libheif 1.19.x < 1.23.0 DoS (macOS)

According to its self-reported version, libheif on the remote host is affected by a denial of service vulnerability. A crafted HEIF sequence file can cause libheif to perform unbounded heap allocation due to a missing bound check in the stsz fixed-size mode of the HEIF sequence parser, leading to...

5.9AI score0.00089EPSS
Exploits0References2
Rows per page
Query Builder