Description
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
Published: 2026-06-19
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises when CHEIFItemInfoEntry_GetDataSize reports success but supplies a data size of zero, causing a caller to allocate only one byte. Subsequently, CopyPixels computes a larger destination size but fails to validate that the source buffer contains enough data before calling memmove, resulting in a buffer over‑read. This flaw permits an attacker to read beyond the bounds of the source image data, potentially exposing sensitive memory contents or causing a crash. The weakness corresponds to a buffer over‑read (CWE‑20).

Affected Systems

Microsoft HEIF Image Extensions 1.2.22.0 on Windows platforms is affected. The flaw is present in the HEIF Image Extensions component and affects any system that uses that specific version to process HEIF images.

Risk and Exploitability

The exploitation of this vulnerability requires an attacker to deliver a crafted HEIF image to a user or application that loads the image. Because the flaw is an out‑of‑bounds read, it could lead to information disclosure or memory corruption; however, no publicly available exploit is known and no CVSS score is provided. The risk level is moderate to high depending on the context (local or remote access) and the sensitivity of the data processed by HEIF Image Extensions. The vulnerability is not currently listed in CISA KEV, and no EPSS score is available, so the precise likelihood of exploitation is unknown.

Generated by OpenCVE AI on June 19, 2026 at 20:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check for updates to Microsoft HEIF Image Extensions and apply any released patch for version 1.2.22.0.
  • Disable HEIF image support on systems where it is not needed, or enforce file filtering policies to block untrusted HEIF files.
  • Use application whitelisting or sandboxing to restrict which software can access HEIF Image Extensions, reducing the attack surface.
  • Employ trusted image‑handling libraries that perform comprehensive validation of HEIF image headers before processing the pixel data.

Generated by OpenCVE AI on June 19, 2026 at 20:16 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 19 Jun 2026 20:45:00 +0000

Type Values Removed Values Added
Title Out-of-Bounds Read in Microsoft HEIF Image Extensions Facilitates Potential Memory Corruption
Weaknesses CWE-20

Fri, 19 Jun 2026 18:15:00 +0000

Type Values Removed Values Added
Description Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-06-19T13:30:03.199Z

Reserved: 2025-10-23T00:00:00.000Z

Link: CVE-2025-62821

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-19T20:30:04Z

Weaknesses
  • CWE-20

    Improper Input Validation