CVE-2025-62821

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.
References
Link Resource
https://github.com/hyunjungg/CVE-2025-62821 Exploit Third Party Advisory
https://github.com/hyunjungg/CVE-2025-62821 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:microsoft:heif_image_extension:1.2.22.0:*:*:*:*:*:*:*

History

30 Jun 2026, 18:49

Type Values Removed Values Added
First Time Microsoft heif Image Extension
Microsoft
References () https://github.com/hyunjungg/CVE-2025-62821 - () https://github.com/hyunjungg/CVE-2025-62821 - Exploit, Third Party Advisory
CPE cpe:2.3:a:microsoft:heif_image_extension:1.2.22.0:*:*:*:*:*:*:*

22 Jun 2026, 18:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.1
CWE CWE-125
References () https://github.com/hyunjungg/CVE-2025-62821 - () https://github.com/hyunjungg/CVE-2025-62821 -

19 Jun 2026, 14:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-19 14:16

Updated : 2026-06-30 18:49


NVD link : CVE-2025-62821

Mitre link : CVE-2025-62821

CVE.ORG link : CVE-2025-62821


JSON object : View

Products Affected

microsoft

  • heif_image_extension
CWE
CWE-125

Out-of-bounds Read