Impact
The vulnerability in libheif allows a crafted HEIF file to bypass a range check because the offset calculation for icef compressed‑unit blocks can wrap around. The check uses unit_offset + unit_size; when the addition overflows, the wrapped result can be smaller than the actual size, so the check passes and the decoder constructs iterators that reference data outside the intended buffer. This causes an out‑of‑bounds heap read, which typically results in a crash but could also expose data from adjacent memory, potentially leading to information disclosure. The weakness is identified as CWE‑125 (Out‑of‑Bounds Read).
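The wraparound described above, as an added example that is not libheif's code: a range check that adds the two fields, beside a form that cannot wrap. The function names, the 64-bit field width and the sample values are assumptions constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical names and a 64-bit field width are assumed for illustration. */

/* Weak form: the sum is computed modulo 2^64, so it can wrap to a small value. */
static bool unit_in_range_wrapping(uint64_t unit_offset, uint64_t unit_size,
                                   uint64_t data_len)
{
    return unit_offset + unit_size <= data_len;
}

/* Hardened form: no addition of untrusted values; compare the size against
 * the bytes that remain after the offset. */
static bool unit_in_range_checked(uint64_t unit_offset, uint64_t unit_size,
                                  uint64_t data_len)
{
    if (unit_offset > data_len)
        return false;
    return unit_size <= data_len - unit_offset;
}

struct unit { uint64_t offset, size; };

/* Constructed sample units, judged against a 64-byte buffer. */
static const struct unit samples[] = {
    { 16, 32 },              /* fits: both checks accept */
    { 48, 32 },              /* plain overrun: both checks reject */
    { 32, UINT64_MAX - 15 }, /* 32 + (2^64 - 16) wraps to 16 */
    { UINT64_MAX, 2 },       /* (2^64 - 1) + 2 wraps to 1 */
};

/* Number of sample units the wrapping check accepts but the checked one rejects. */
static size_t count_bypasses(uint64_t data_len)
{
    size_t n = 0;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const struct unit *u = &samples[i];
        if (unit_in_range_wrapping(u->offset, u->size, data_len) &&
            !unit_in_range_checked(u->offset, u->size, data_len))
            n++;
    }
    return n;
}

int main(void) { printf("bypasses: %zu\n", count_bypasses(64)); return 0; }
```

The subtraction in the hardened form is safe because the preceding comparison guarantees unit_offset is not larger than data_len.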
Affected Systems
The flaw exists in libheif before version 1.22.1. Any application that links against a pre‑1.22.1 build of libheif and decodes uncompressed HEIF files is at risk. Common use cases include image processing libraries, media players, and document rendering engines that embed libheif for HEIC support.
Risk and Exploitability
The CVSS base score of 6.5 indicates moderate severity. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, suggesting no widespread exploitation has been observed to date. The attack vector is inferred to be file‑based: an attacker who can supply a malicious HEIF file to the victim’s application may trigger a crash or a read of sensitive memory. The provided description shows no direct path to remote code execution, but the flaw can cause a denial of service or an information leak, locally or possibly remotely. The risk remains moderate, with exploitation likelihood contingent on the target’s exposure to untrusted HEIF files.