CVE-2025-62821

ANALYSIS PENDING

Microsoft HEIF Image Extensions 1.2.22.0 - Out-of-Bounds Read via CHEIFItemInfoEntry_GetDataSize

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-62821. PoCs published by hyunjungg.

AI-analyzed exploit summary The repository contains a functional proof-of-concept exploit for CVE-2025-62821, demonstrating a source-buffer under-allocation vulnerability in Microsoft HEIF Image Extensions (msheif_store.dll) that leads to an out-of-bounds read and access violation (DoS). The exploit includes a crafted HEIF file and detailed technical analysis of the root cause, code flow, and suggested fixes.

Description

Microsoft HEIF Image Extensions 1.2.22.0 has an out-of-bounds read because CHEIFItemInfoEntry_GetDataSize can return success while leaving the reported data size as 0. This causes a caller to make a 1-byte allocation. Later, CopyPixels computes copy_size = stride * abs(roi_height) but does not check the source buffer length before a memmove call.

Exploits (1)

nomisec WORKING POC
by hyunjungg · poc
https://github.com/hyunjungg/CVE-2025-62821

The repository contains a functional proof-of-concept exploit for CVE-2025-62821, demonstrating a source-buffer under-allocation vulnerability in Microsoft HEIF Image Extensions (msheif_store.dll) that leads to an out-of-bounds read and access violation (DoS). The exploit includes a crafted HEIF file and detailed technical analysis of the root cause, code flow, and suggested fixes.

Classification
Working Poc 100%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target: Microsoft HEIF Image Extensions (msheif_store.dll) version 1.2.22.0
No auth needed
Prerequisites: HEIF Image Extensions installed from Microsoft Store · Microsoft Photos or any WIC consumer that routes through the HEIF Image Extensions
devstral-2 · analyzed Jun 19, 2026 Full analysis →

References (1)

Core 1

Details

Status published
Published Jun 19, 2026
Tracked Since Jun 19, 2026