Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
References
| Link | Resource |
|---|---|
| https://github.com/hyunjungg/CVE-2025-62821 | Exploit Third Party Advisory |
| https://github.com/hyunjungg/CVE-2025-62821 | Exploit Third Party Advisory |
Configurations
History
30 Jun 2026, 18:49
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Microsoft heif Image Extension
Microsoft |
|
| References | () https://github.com/hyunjungg/CVE-2025-62821 - Exploit, Third Party Advisory | |
| CPE | cpe:2.3:a:microsoft:heif_image_extension:1.2.22.0:*:*:*:*:*:*:* |
22 Jun 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.1 |
| CWE | CWE-125 | |
| References | () https://github.com/hyunjungg/CVE-2025-62821 - |
19 Jun 2026, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-19 14:16
Updated : 2026-06-30 18:49
NVD link : CVE-2025-62821
Mitre link : CVE-2025-62821
CVE.ORG link : CVE-2025-62821
JSON object : View
Products Affected
microsoft
- heif_image_extension
CWE
CWE-125
Out-of-bounds Read
