Global Buffer Overflow in Heif by Nokia Technology
CVE-2021-32287

7.8HIGH

Key Information:

Vendor: Nokia
Status: Heif
Vendor: CVE Published:; 20 September 2021

What is CVE-2021-32287?

A global buffer overflow vulnerability has been identified in heif version 3.6.2. The issue resides in the HevcDecoderConfigurationRecord::getPicWidth() function, located in hevcdecoderconfigrecord.cpp. If exploited, this vulnerability allows an attacker to execute arbitrary code, posing significant security risks to users of the affected heif software.

References

https://github.com/nokiatech/heif/issues/86

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Sep 20, 2021
Vulnerability Reserved
May 7, 2021