CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

Tenable Nessus•added 2026/05/25 12:0 a.m.•11 views

Linux Distros Unpatched Vulnerability : CVE-2026-41069

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in co...

6.5CVSS5.4AI score0.00041EPSS

Exploits1References3

Snyk•added 2026/05/22 11:49 p.m.•8 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entrycount, saio.entrycount, and saiz.samplecount values to...

7.1CVSS5.8AI score0.00041EPSS

Exploits1References2

OSV•added 2026/05/22 9:16 p.m.•4 views

DEBIAN-CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entrycount == 0 creating no chunks while still passing validation...

6.5CVSS5.8AI score0.00041EPSS

Exploits1References1

OSV•added 2026/05/22 9:16 p.m.•3 views

UBUNTU-CVE-2026-41069

6.5CVSS5.8AI score0.00041EPSS

Exploits1References4

UbuntuCve•added 2026/05/22 9:16 p.m.•6 views

CVE-2026-41069

6.5CVSS5.8AI score0.00041EPSS

Exploits1References3

ATTACKERKB•added 2026/05/22 8:49 p.m.•4 views

CVE-2026-41069

6.5CVSS5.8AI score0.00041EPSS

Exploits1References3Affected Software1

EUVD•added 2026/05/22 8:49 p.m.•5 views

EUVD-2026-31503

6.5CVSS5.8AI score0.00041EPSS

Exploits1References2

CVE•added 2026/05/22 8:49 p.m.•46 views

CVE-2026-41069

Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...

6.5CVSS5.8AI score0.00041EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/05/22 8:49 p.m.•7 views

CVE-2026-41069 libheif allows Out-of-bounds vector access leading to invalid dereference (DoS)

6.5CVSS5.8AI score0.00041EPSS

Exploits1References2

Debian CVE•added 2026/03/20 8:7 p.m.•3 views

CVE-2026-33144

GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow write vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gfxmlparsebitsequencebs function in utils/xmlbincustom.c when processing a crafted NHML file containing malicious...

7.8CVSS5.7AI score0.00027EPSS

Exploits1

RedHat Linux•added 2023/12/07 1:41 p.m.•4 views

snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode

A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash, resulting in a denial of service...

6.5CVSS6.8AI score0.00533EPSS

Exploits0References4

OSV•added 2022/12/22 8:15 p.m.•2 views

CVE-2022-34476

ASN.1 parsing of an indefinite SEQUENCE inside an indefinite GROUP could have resulted in the parser accepting malformed ASN.1. This vulnerability affects Firefox 102...

9.8CVSS7.4AI score0.00571EPSS

Exploits0References2

Exploit DB•added 2012/07/03 12:0 a.m.•31 views

gnome-terminal (vte) VteTerminal - Escape Sequence Parsing Remote Denial of Service

source: https://www.securityfocus.com/bid/54281/info VTE is prone to a vulnerability that may allow attackers to cause an affected application to consume excessive amounts of memory and CPU time, resulting in a denial-of-service condition. echo -en "\e2147483647L" echo -en "\e2147483647M" echo -e...

7.4AI score

Exploits0