CVE Catalog

CVE-2025-62821

CriticalCVSS 9.1
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Elevated risk
0.82%

53th percentile — higher than 53% of all known CVEs

Summary

A vulnerability in Microsoft HEIF Image Extensions version 1.2.22.0 is caused by an out-of-bounds read. The CHEIFItemInfoEntry_GetDataSize function can return success while leaving the data size as 0, resulting in a 1-byte allocation. Subsequently, CopyPixels calculates copy size based on stride and height but does not check the source buffer length before calling memmove.

Risk Assessment

An attacker could exploit this vulnerability to read memory outside the allocated buffer, potentially leading to disclosure of sensitive data or system instability.

Recommendation

Immediately update HEIF Image Extensions to a version newer than 1.2.22.0 as soon as the vendor releases a patch.

Original NVD description (English source)

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS