CVE-2025-62821
CriticalCVSS 9.1Exploitation Probability (EPSS)
Elevated risk53th percentile — higher than 53% of all known CVEs
Summary
A vulnerability in Microsoft HEIF Image Extensions version 1.2.22.0 is caused by an out-of-bounds read. The CHEIFItemInfoEntry_GetDataSize function can return success while leaving the data size as 0, resulting in a 1-byte allocation. Subsequently, CopyPixels calculates copy size based on stride and height but does not check the source buffer length before calling memmove.
Risk Assessment
An attacker could exploit this vulnerability to read memory outside the allocated buffer, potentially leading to disclosure of sensitive data or system instability.
Recommendation
Immediately update HEIF Image Extensions to a version newer than 1.2.22.0 as soon as the vendor releases a patch.
Original NVD description (English source)
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.

