CVE-2026-50142

medium

Description

The vulnerability exists due to a missing boundary check on the sample size (stsz) box fixed-size parameter inside the HEIF sequence parser of libheif. When a malformed image sequence is parsed, the missing verification step triggers an unbounded heap memory allocation loop, enabling an attacker to induce severe system resource exhaustion or local denial of service (DoS).

Details

Source: Mitre, NVD

Published: 2026-06-18

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium

EPSS

EPSS: 0.00089

Detections

Analytics