A remote code execution vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could execute code on the user's system.
High - remote code execution
High - image rendering
CVE-2022-21844
A heap overflow vulnerability is present when a crafted HEIC image file is rendered by Windows Imaging Component.
This issue was fixed as part of February 2022 security update.
Dhanesh Kizhakkinan, Mandiant
- 23 September 2021 - Issue reported to vendor
- 04 October 2021 - Issue confirmed
- 08 February 2022 - Issue fixed and security advisory released