Lucene search
K

19 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:36 p.m.10 views

CVE-2026-41069

A flaw was found in libheif, a HEIF High Efficiency Image File Format and AVIF file format decoder and encoder. A remote attacker could exploit this vulnerability by providing a specially crafted, malformed HEIF sequence file. This malformed file can trigger an out-of-bounds read during the core...

6.5CVSS4.3AI score0.00253EPSS
Exploits1References2
OSV
OSV
added 2026/06/05 3:18 p.m.8 views

JLSEC-2026-574

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.2AI score0.00302EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.8 views

PT-2026-49257

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/05 12:0 a.m.10 views

PT-2026-49256

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry count == 0 creating no chunks while still passing validation...

6.5CVSS5.4AI score
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/05/25 11:8 p.m.13 views

CVE-2026-41071

A flaw was found in libheif, a library for decoding and encoding HEIF High Efficiency Image File Format and AVIF files. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF sequence file. When parsing the file, if the saiz sample auxiliary information box...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/22 11:49 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...

7.1CVSS5.8AI score0.00253EPSS
Exploits1References2
Snyk
Snyk
added 2026/05/22 11:49 p.m.10 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the SampleAuxInfoReader constructor when parsing a specially crafted HEIF sequence file containing a saiz box that declares more samples than exist in the track's chunk table. An attacker can cause a heap buffer...

8.1CVSS5.9AI score0.00302EPSS
Exploits1References2
OSV
OSV
added 2026/05/22 10:16 p.m.8 views

DEBIAN-CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References1
UbuntuCve
UbuntuCve
added 2026/05/22 10:16 p.m.10 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.7AI score0.00302EPSS
Exploits1References3
AlpineLinux
AlpineLinux
added 2026/05/22 8:59 p.m.21 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

8.1CVSS5.7AI score0.00302EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/05/22 8:59 p.m.8 views

CVE-2026-41071

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.8AI score0.00302EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/22 8:59 p.m.11 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.7AI score0.00302EPSS
Exploits1References2
EUVD
EUVD
added 2026/05/22 8:59 p.m.11 views

EUVD-2026-31501

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS5.8AI score0.00302EPSS
Exploits1References2
CVE
CVE
added 2026/05/22 8:59 p.m.87 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1CVSS5.8AI score0.00302EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/05/22 8:59 p.m.28 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1CVSS0.00302EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/05/22 8:49 p.m.10 views

CVE-2026-41069 libheif allows Out-of-bounds vector access leading to invalid dereference (DoS)

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS5.8AI score0.00253EPSS
Exploits1References2
CVE
CVE
added 2026/05/22 8:49 p.m.68 views

CVE-2026-41069

Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...

6.5CVSS5.8AI score0.00253EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/05/22 12:0 a.m.10 views

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from the fact that the number of samples declared in the saiz frame exceeds the...

8.1CVSS6AI score0.00302EPSS
Exploits1References2
OSV
OSV
added 2025/01/23 10:15 p.m.3 views

UBUNTU-CVE-2024-50665

gpac 2.4 contains a SEGV at src/isomedia/drmsample.c:1562:96 in isomcencgetsaibysaizsaio in MP4Box...

5.5CVSS5.8AI score0.00244EPSS
Exploits1References2
Rows per page
Query Builder