Heif Image Extension CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-62821	1 Microsoft	1 Heif Image Extension	2026-06-19	N/A
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
CVE-2022-24457	1 Microsoft	1 Heif Image Extension	2026-05-22	7.8 High
HEIF Image Extensions Remote Code Execution Vulnerability
CVE-2020-17101	1 Microsoft	1 Heif Image Extension	2024-11-21	7.8 High
HEIF Image Extensions Remote Code Execution Vulnerability

Page 1 of 1.