6.5
CVE-2026-49271
- EPSS 0.2%
- Veröffentlicht 19.06.2026 17:16:20
- Zuletzt bearbeitet 26.06.2026 12:33:18
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash. Version 1.22.1 patches the issue.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.098 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-125 Out-of-bounds Read
The product reads data past the end, or before the beginning, of the intended buffer.
https://github.com/strukturag/libheif/security/advisories/GHSA-r7qj-cg5r-r6vf