Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/06/30 6:45 a.m.6 views

CVE-2026-49271

A flaw was found in libheif, a decoder and encoder for HEIF and AVIF file formats. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF file. The uncompressed HEIF decoder's validation of icef compressed-unit offsets can experience an integer wrap-around. This...

6.5CVSS5.8AI score0.00199EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/21 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-49271

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...

6.5CVSS6AI score0.00199EPSS
Exploits0References2
Snyk
Snyk
added 2026/06/19 7:8 p.m.4 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...

7.1CVSS5.8AI score0.00199EPSS
Exploits0References2
Ubuntu
Ubuntu
added 2026/06/18 4:41 p.m.15 views

USN-8454-1: libheif vulnerabilities

Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...

8.8CVSS5.1AI score0.00514EPSS
Exploits5
EUVD
EUVD
added 2026/05/22 8:59 p.m.11 views

EUVD-2026-31501

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.8AI score0.00302EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/19 9:51 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Chunk process when handling files with a samplesperchunk value of zero. An attacker can cause a segmentation fault and denial of service by providing a specially crafted HEIF file that triggers an unsigned...

7.1CVSS5.8AI score0.00301EPSS
Exploits1References2
NVD
NVD
added 2026/05/19 8:16 p.m.17 views

CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5CVSS0.0032EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.6 views

libheif 输入验证错误漏洞

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. An input validation error vulnerability exists in versions prior to libheif 1.21.0, which stems from a specially crafted HEIF file triggering an over-read of the heap buffer, which may result in a...

7.1CVSS7.2AI score0.00267EPSS
Exploits1References4
CNVD
CNVD
added 2021/11/04 12:0 a.m.20 views

libheif buffer overflow vulnerability

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.6.2 contains a buffer overflow vulnerability in the convertcolorspace function in heifcolorconversion.cc. An attacker can exploit this vulnerability to cause a denial of service and disclose sensitive...

8.1CVSS4.7AI score0.01245EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/11/03 12:0 a.m.8 views

libheif 缓冲区错误漏洞

libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.6.2 contains a buffer overflow vulnerability in the convertcolorspace function in heifcolorconversion.cc. An attacker can exploit this vulnerability to cause a denial of service and disclose sensitive...

8.1CVSS6AI score0.01245EPSS
Exploits1References3
Rows per page
Query Builder