
6 matches found

SUSE CVE
added 2025/12/31 12:23 a.m. · 2 views

SUSE CVE-2025-68431

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay. The function computes a negative row length likely from an unclipped overlay rectangle or...

CVSS 5.5 · AI score 7 · EPSS 0.00043
Exploits 1 · References 6
RedhatCVE
added 2025/05/23 5:40 a.m. · 2 views

CVE-2023-0399

The Image Over Image For WPBakery Page Builder WordPress plugin before 3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Sit...

CVSS 5.4 · AI score 4.3 · EPSS 0.00198
Exploits 2 · References 1
SUSE CVE
added 2024/10/17 2:53 a.m. · 0 views

SUSE CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...

CVSS 7 · AI score 6.8 · EPSS 0.00197
Exploits 1 · References 4
OSV
added 2024/10/15 9:15 p.m. · 0 views

UBUNTU-CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write...

CVSS 8.1 · AI score 7.3 · EPSS 0.00197
Exploits 1 · References 8
Positive Technologies
added 2024/10/15 12:0 a.m. · 2 views

PT-2024-7935 · Libheif +6

Name of the Vulnerable Software and Affected Versions: Libheif version 1.17.6
Description: The issue is related to the ImageOverlay::parse function in the libheif decoder and encoder for video and photo file formats. It involves an out-of-bounds read and write due to insufficient checks when...

CVSS 9.4 · AI score 8.6 · EPSS 0.00197
Exploits 4 · References 59
NVD
added 2006/04/14 10:2 a.m. · 17 views

CVE-2006-1736

Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...

CVSS 2.6 · AI score 6.1 · EPSS 0.01623
Exploits 0 · References 33