
50 matches found

Tenable Nessus
added 2026/06/18 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2026-47178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Debian Linux - libheif - None Ubuntu Linux - Unknown description CVE-2026-47178 Note that Nessus relies on the presence of the package as reported by the vendor...

5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 3

Tenable Nessus
added 2026/06/08 12:0 a.m. | 73 views

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1814)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1814 advisory. libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to...

8.8 CVSS | 6 AI score | 0.00514 EPSS
Exploits: 1 | References: 8

Positive Technologies
added 2026/06/05 12:0 a.m. | 7 views

PT-2026-49253

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an...

6.5 CVSS | 5.3 AI score
Exploits: 0 | References: 2

ATTACKERKB
added 2026/05/22 8:59 p.m. | 8 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits: 1 | References: 3 | Affected Software: 1

Vulnrichment
added 2026/05/22 8:59 p.m. | 10 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1 CVSS | 5.7 AI score | 0.00302 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/05/22 8:59 p.m. | 16 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1 CVSS | 0.00302 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2026/05/22 8:59 p.m. | 12 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1 CVSS | 5.8 AI score | 0.00302 EPSS
Exploits: 1

CNNVD
added 2026/05/22 12:0 a.m. | 9 views

libheif Buffer Error Vulnerability

LibHEIF is an open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...

8.1 CVSS | 6 AI score | 0.00302 EPSS
Exploits: 1 | References: 2

Debian CVE
added 2026/05/19 7:49 p.m. | 12 views

CVE-2026-32814

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized...

6.5 CVSS | 5.7 AI score | 0.00303 EPSS
Exploits: 0

EUVD
added 2026/05/19 7:22 p.m. | 14 views

EUVD-2026-30978

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...

8.8 CVSS | 5.8 AI score | 0.00514 EPSS
Exploits: 1 | References: 2

NVD
added 2026/05/19 7:16 p.m. | 23 views

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty...

6.5 CVSS | 0.00301 EPSS
Exploits: 1 | References: 1

Cvelist
added 2026/05/19 7:10 p.m. | 39 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5 CVSS | 0.0032 EPSS
Exploits: 1 | References: 2

Vulnrichment
added 2026/05/19 7:10 p.m. | 14 views

CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5 CVSS | 5.7 AI score | 0.0032 EPSS
Exploits: 1 | References: 2

Cvelist
added 2026/05/19 7:3 p.m. | 37 views

CVE-2026-32738 libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty...

6.5 CVSS | 0.00301 EPSS
Exploits: 1 | References: 1

OSV
added 2026/03/11 8:16 p.m. | 7 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

3.3 CVSS | 5.2 AI score
Exploits: 0 | References: 7

UbuntuCve
added 2026/03/11 8:16 p.m. | 2 views

CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

4.8 CVSS | 5.4 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

OSV
added 2026/03/11 8:16 p.m. | 3 views

UBUNTU-CVE-2026-3950

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

4.8 CVSS | 5.1 AI score | 0.00117 EPSS
Exploits: 0 | References: 3

OSV
added 2026/03/11 7:16 p.m. | 3 views

DEBIAN-CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

4.8 CVSS | 4 AI score | 0.00117 EPSS
Exploits: 0 | References: 1

Cvelist
added 2026/03/11 7:2 p.m. | 29 views

CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and...

4.8 CVSS | 0.00117 EPSS
Exploits: 0 | References: 7

CVE
added 2026/03/11 7:2 p.m. | 9 views

CVE-2026-3950

CVE-2026-3950 affects strukturag libheif up to 1.21.2. The issue occurs in Track::load (libheif/sequences/track.cc, stsz/stts) and causes an out-of-bounds read. Exploitation requires local access; exploit code is publicly available. A patch exists but is unofficial/not officially approved. Remedi...

4.8 CVSS | 5.2 AI score | 0.00117 EPSS
Exploits: 0 | References: 7