Libheif Security Vulnerabilities and Issues — Libheif CVE List

Lucene search

StrukturLibheif

15 matches found

CVE•added 2025/04/21 12:15 a.m.•121 views

CVE-2025-43967

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

7.5CVSS7.2AI score0.00051EPSS

CVE•added 2019/04/23 2:29 p.m.•87 views

CVE-2019-11471

libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.

8.8CVSS8.5AI score0.00291EPSS

CVE•added 2023/05/05 4:15 p.m.•73 views

CVE-2023-29659

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

6.5CVSS6.1AI score0.00078EPSS

CVE•added 2024/10/15 9:15 p.m.•70 views

CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

8.1CVSS7AI score0.00169EPSS

CVE•added 2025/04/21 12:15 a.m.•61 views

CVE-2025-43966

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

7.5CVSS7.1AI score0.00045EPSS

CVE•added 2023/02/24 4:15 a.m.•49 views

CVE-2023-0996

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

7.8CVSS7.6AI score0.00161EPSS

CVE•added 2025/04/07 8:15 p.m.•45 views

CVE-2025-29482

Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.

6.2CVSS7.8AI score0.00023EPSS

CVE•added 2023/12/07 8:15 p.m.•43 views

CVE-2023-49462

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

8.8CVSS8.6AI score0.00144EPSS

CVE•added 2021/11/03 5:15 p.m.•37 views

CVE-2020-23109

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

8.1CVSS7.7AI score0.00255EPSS

CVE•added 2021/07/21 6:15 p.m.•36 views

CVE-2020-19498

Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.

8.8CVSS8.7AI score0.00371EPSS

CVE•added 2021/07/21 6:15 p.m.•36 views

CVE-2020-19499

An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

8.8CVSS8.7AI score0.00371EPSS

CVE•added 2024/03/05 1:15 a.m.•35 views

CVE-2024-25269

libheif

7.5CVSS6.3AI score0.00059EPSS

CVE•added 2023/12/07 8:15 p.m.•34 views

CVE-2023-49463

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

8.8CVSS8.6AI score0.00164EPSS

CVE•added 2023/12/07 8:15 p.m.•32 views

CVE-2023-49460

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

8.8CVSS8.6AI score0.00164EPSS

CVE•added 2023/12/07 8:15 p.m.•27 views

CVE-2023-49464

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

8.8CVSS8.6AI score0.0012EPSS