Microsoft Heif Image Extension — known CVE vulnerabilities
Every CVE whose affected-product data names Microsoft Heif Image Extension, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2025-62821 — CVSS 9.1 (critical): Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving…