❌

Reading view

A Vulnerability in Cisco Unified Communications Products Could Allow for Remote Code Execution

A vulnerability has been discovered in Cisco Unified Communications Products which could allow for remote code execution. Cisco Unified Communications (UC) Products are an integrated suite of IP-based hardware and software that combine voice, video, messaging, and data into a single platform. Successful exploitation of this vulnerability could allow for remote code execution as root, which may lead to the complete compromise of the affected device.

  •  

CISO Middle East Summit 2026 – Doha

CISO Middle East Summit – Doha, Qatar | 22nd January 2026

The CISO Middle East Summit 2026, taking place on 22nd January in Doha, Qatar, stands as one of the region’s most anticipated gatherings for cybersecurity leaders, innovators, and policymakers. Under the theme β€œDigital Freedom & Resilience: The Pillars of Qatar’s Cyber Vision 2030,” the summit will unite key decision-makers from government, critical infrastructure, and enterprise sectors to shape the future of cybersecurity in the Middle East.

The event will feature thought-provoking discussions, strategic insights, and real-world case studies that address the evolving cyber threat landscape and the increasing need for digital trust, resilience, and collaboration. With participation from senior cybersecurity executives, government representatives, and technology experts, the summit will highlight emerging trends in AI security, regulatory evolution, and national cyber defense.

Beyond its knowledge-sharing sessions, the CISO Middle East Summit offers a unique networking platform for CISOs, solution providers, and innovators to connect and explore partnerships that drive the region’s cybersecurity maturity. Supported by leading sponsors and media partners, this one-day event in Doha reinforces Qatar’s growing position as a hub for digital innovation and cyber resilience.

For those driving the next phase of security transformation, this summit is a defining milestone in the Middle East’s cybersecurity journey.

The post CISO Middle East Summit 2026 – Doha appeared first on CISO MAG | Cyber Security Magazine.

  •  

WAM Morocco

WAM Morocco 2026 is organised by KAOUN International (a subsidiary of Dubai World Trade Centre) and proudly in association with GITEX Africa. The debut event is set to be the continent’s largest tech and start-up event in advanced manufacturing and future mobility.

WAM Morocco will take place under the auspices of the Moroccan Ministry of Industry and Trade from 20 – 22 January 2026 at Foire Internationale de Casablanca, Morocco. Expected to draw over 350 exhibitors and more than 20,000 high-level corporate buyers, WAM Morocco will be the hub where the entire industrial innovation ecosystem connects and collaborates.

WAM Morocco features four co-located events World Advanced Future Mobility (WAFM), World Green Energy (WGE), World Pharma Manufacturing (WPM) and World Digital Food Hub (WDFH). Cutting-edge technologies in AI, quantum computing, 3D printing, blockchain and mixed reality will take centre stage at WAM Morocco and drive forward Morocco’s vision of becoming a globally competitive and sustainable manufacturing capital.

The post WAM Morocco appeared first on CISO MAG | Cyber Security Magazine.

  •  

VU#481830: Libheif uncompressed codec lacks bounds check leading to application crash

Overview

An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory access.

Description

libheif is an open-source library used for decoding and encoding modern image formats, including HEIF (High Efficiency Image File Format) and AVIF (AV1 Image File Format). These formats provide high compression efficiency and are widely used across mobile devices and online platforms.

libheif contains an out-of-bounds iterator access vulnerability in its uncompressed codec. The issue occurs when the decoder processes certain metadata structures within a HEIF file. Specifically, the decoder fails to adequately validate values read from an internal metadata box before performing iterator arithmetic on the underlying data buffer.

As a result, a malformed HEIF file can cause the decoder to read past the end of the input buffer and incorrectly interpret unrelated memory as valid metadata. This invalid memory access may lead to a segmentation fault during image decoding.

The CVE-2025-65586 captures this out-of-bounds checking flaw in libheif’s uncompressed codec that allows a maliciously crafted HEIF file to trigger an out-of-bounds read, resulting in a segmentation fault and denial of service when the file is parsed. The vulnerability was introduced in commit 6190b58f (October 3, 2024). Versions v1.19.0 through Versions 1.20.2 are affected by this vulnerbaility. The versions v1.17.6 and earlier are not affected. The issue was reported to the libheif project and has been fixed in commit f4d9157 (November 5, 2025) and then merged to the version release 1.21.0 at the end of 2025.

Impact

An attacker can exploit this vulnerability by supplying a maliciously crafted HEIF image, causing applications that use libheif to crash. Based on current analysis, exploitation is limited to denial-of-service conditions.

Potential impacts include

  • Unexpected termination of applications that decode HEIF images
  • Crashes in systems that automatically generate previews or thumbnails
  • Disruption of services that process untrusted HEIF content (e.g., browsers, email clients, photo management tools)

There is no evidence at this time that this vulnerability can be used to achieve memory disclosure or arbitrary code execution.

Discovery

The vulnerability was discovered through coverage-guided fuzzing using AddressSanitizer-instrumented builds of libheif. The issue was reproducible across standard Linux development environments.

Solution

Software vendors and developers using the libheif library are strongly encouraged to update to version 1.21.0 or later, which includes the fix for this vulnerability. End users should apply available software updates to ensure they are running a version of libheif that addresses this issue.

Acknowledgements

Thanks to the reporter Maor Caplan for identifying the vulnerability and to Dirk Farin for implementing the fix. This document was written by Timur Snoke.

Vendor Information

One or more vendors are listed for this advisory. Please reference the full report for more information.

Other Information

CVE IDs: CVE-2025-65586
Date Public: 2026-01-20
Date First Published: 2026-01-20
Date Last Updated: 2026-01-27 17:39 UTC
Document Revision: 4
  •  
❌