Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2026-3949

Опубликовано: 11 мар. 2026
Источник: redhat
CVSS3: 3.3
EPSS Низкий

Описание

A flaw was found in libheif. This vulnerability allows a local attacker to trigger an out-of-bounds read by manipulating the size argument in the vvdec_push_data2 function. This could lead to a denial of service (DoS).

Отчет

This is a LOW impact vulnerability in libheif affecting Red Hat Community Projects. A local attacker can trigger an out-of-bounds read by manipulating arguments to the vvdec_push_data2 function, potentially leading to a denial of service. Exploitation requires local access to the system.

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-805
https://bugzilla.redhat.com/show_bug.cgi?id=2446725libheif: libheif: Out-of-bounds read via local argument manipulation

EPSS

Процентиль: 3%
0.00014
Низкий

3.3 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2026-3949

CVSS3: 3.3
ubuntu
14 дней назад

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

nvd логотип

CVE-2026-3949

CVSS3: 3.3
nvd
14 дней назад

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

debian логотип

CVE-2026-3949

CVSS3: 3.3
debian
14 дней назад

A vulnerability was determined in strukturag libheif up to 1.21.2. Thi ...

github логотип

GHSA-2rvx-jpm5-g848

CVSS3: 3.3
github
14 дней назад

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

EPSS

Процентиль: 3%
0.00014
Низкий

3.3 Low

CVSS3