14 matches found
CVE-2026-41069
A flaw was found in libheif, a HEIF High Efficiency Image File Format and AVIF file format decoder and encoder. A remote attacker could exploit this vulnerability by providing a specially crafted, malformed HEIF sequence file. This malformed file can trigger an out-of-bounds read during the core...
JLSEC-2026-570
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
JLSEC-2026-571
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...
PT-2026-49253
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples per chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor m last sample = 0 + 0 - 1 = UINT32 MAX, mapping all samples to an...
CVE-2026-41069
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
CVE-2026-41069
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...
PT-2026-42833
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.21.3 Description An out-of-bounds read can occur in the core sequence parsing logic when processing a malformed HEIF sequence file, leading to a Denial of Service DoS. This happens when a file has stco.entry count s...
CVE-2026-32739
A flaw was found in libheif, a HEIF and AVIF file format decoder and encoder. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF High Efficiency Image File Format sequence file. This would trigger an infinite loop during file parsing, consuming 100% CPU...
CVE-2026-32739
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...
UBUNTU-CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
CVE-2026-32738
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...
PT-2026-42002
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An issue in the HEIF and AVIF file format decoder and encoder allows a specially crafted 800-byte HEIF sequence file to trigger an infinite loop in the Box stts::get sample duration function. This...
PT-2026-41995
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description An unsigned integer underflow occurs in the Chunk constructor when processing a crafted HEIF sequence file containing samples per chunk=0 in the stsc box. This causes all samples to map to an empty...