44 matches found
CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the...
CVE-2025-62821
CVE-2025-62821 affects Microsoft HEIF Image Extensions 1.2.22.0. The issue is an out-of-bounds read caused by CHEIFItemInfoEntry_GetDataSize returning success while reporting data size as 0, leading to a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) without va...
CVE-2025-62821
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the...
PT-2026-50877
Name of the Vulnerable Software and Affected Versions: Microsoft HEIF Image Extensions version 1.2.22.0. Description: An out-of-bounds read occurs because the CHEIFItemInfoEntry_GetDataSize function can return a success status while leaving the reported data size at 0. This leads a caller to perform...
EUVD-2025-210287
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the...
PT-2026-42535
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1. Description: Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...
CVE-2026-25492 Craft has a save_images_Asset GraphQL mutation that can be abused to exfiltrate AWS credentials of the underlying host
Craft CMS is a content management system. In Craft versions 3.5.0 through 4.16.17 and 5.0.0-RC1 through 5.8.21, the save_images_Asset GraphQL mutation can be abused to fetch internal URLs by providing a domain name that resolves to an internal IP address, bypassing hostname validation. When a...
EUVD-2020-9056
Malware in sbrugna...
Microsoft’s Response to Open-Source Vulnerabilities - CVE-2023-4863 and CVE-2023-5217
Microsoft is aware and has released patches associated with the two Open-Source Software security vulnerabilities, CVE-2023-4863 and CVE-2023-5217. Through our investigation, we found that these affect a subset of our products and as of today, we have addressed them in our products as outlined...
Microsoft Windows Raw Image Extensions RCE (July 2023)
The Windows 'Raw Image Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. Note that Nessus has not tested for these issues but has instead relied only...
Microsoft Windows Raw Image Extensions Library Multiple Vulnerabilities (April 2023)
The Windows 'Raw Image Extensions' app installed on the remote host is affected by multiple code execution vulnerabilities: - A remote code execution vulnerability exists in the Microsoft Windows Codecs Library Raw Image. An attacker who successfully exploited the vulnerability could execute...
Microsoft Windows Raw Image Extensions Library RCE (December 2022)
The Windows 'Raw Image Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
Microsoft Windows Raw Image Extensions Library RCE (September 2022)
The Windows 'Raw Image Extensions' app installed on the remote host is affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...
The HEIF Image Extensions vulnerability is a write beyond the bounds of a memory buffer that allows an attacker to execute arbitrary code.
The HEIF Image Extensions vulnerability is a write beyond the bounds of a buffer during the processing of HEIC files. Exploiting this vulnerability allows an attacker to execute arbitrary code...
Microsoft HEIF Image Extensions Remote Code Execution Vulnerability
Microsoft HEIF Image Extensions is a feature library for Microsoft Windows systems from Microsoft Corporation USA. Microsoft HEIF Image Extensions is vulnerable to remote code execution, which can be exploited by attackers to execute arbitrary code on the system...
CVE-2022-24457
HEIF Image Extensions Remote Code Execution Vulnerability...
CVE-2022-24457
HEIF Image Extensions Remote Code Execution Vulnerability...
Remote code execution
HEIF Image Extensions Remote Code Execution Vulnerability...
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability
...
CVE-2022-24457 HEIF Image Extensions Remote Code Execution Vulnerability
...