PT-2026-50877 · Undefined · Undefined
Published
2026-06-19
·
Updated
2026-06-19
·
CVE-2025-62821
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy size = stride * abs(roi height) but does not check the source buffer length before a memmove call.
Exploit
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Undefined