Lucene search
+L
StrukturLibheif

22 matches found

cve
cve
added 2025/04/20 12:0 a.m.141 views

CVE-2025-43967

CVE-2025-43967 involves a NULL pointer dereference in libheif

7.5CVSS7.2AI score0.00384EPSS
cve
cve
added 2019/04/23 1:55 p.m.128 views

CVE-2019-11471

CVE-2019-11471 affects libheif 1.4.0 with a use-after-free in HeifContext::Image::set_alpha_channel due to mishandling references to non-existing alpha images. Multiple advisories (Mageia MGASA-2019-0290/2024-0243, OSV USN 6847-1, Ubuntu USN 6847-1) indicate this issue can crash the program and c...

8.8CVSS8.5AI score0.01838EPSS
cve
cve
added 2024/10/15 12:0 a.m.95 views

CVE-2024-41311

Summary: CVE-2024-41311 affects Libheif 1.17.6 and is tied to an insufficient checks issue in ImageOverlay::parse() when decoding a HEIF with forged overlay offsets, leading to an out-of-bounds read and write. Publicly documented references indicate multiple OSS advisories and vendor responses. A...

8.1CVSS7AI score0.00825EPSS
cve
cve
added 2023/05/05 12:0 a.m.90 views

CVE-2023-29659

CVE-2023-29659 affects libheif 1.15.1 where a crafted HEIF image can trigger a segmentation fault via the heif::Fraction::round() path in box.cc, leading to denial of service. Connected advisories across major distros confirm this as a vulnerability in the library and reference various patches: D...

6.5CVSS6.1AI score0.00927EPSS
cve
cve
added 2026/05/22 8:59 p.m.90 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1CVSS5.8AI score0.00302EPSS
cve
cve
added 2025/04/20 12:0 a.m.87 views

CVE-2025-43966

CVE-2025-43966 affects libheif prior to 1.19.6, with a NULL pointer dereference in ImageItem_iden (iden.cc). Root cause: dereference of a null item reference leading to potential crash. Impact: availability may be reduced (per CVSS in public entry). Remediation: upgrade libheif to version 1.19.6 ...

7.5CVSS7.1AI score0.00279EPSS
cve
cve
added 2023/02/24 3:35 a.m.75 views

CVE-2023-0996

CVE-2023-0996 affects libheif (strided image data parsing in the Emscripten wrapper), enabling a crafted image to trigger a buffer overflow in linear memory during memcpy. Connected advisories confirm libheif as the affected component across multiple distros (Debian DLA-3945; Mageia update; Ubunt...

7.8CVSS7.6AI score0.00307EPSS
cve
cve
added 2023/12/07 12:0 a.m.69 views

CVE-2023-49462

CVE-2023-49462 affects libheif 1.17.5, with a segmentation fault in /libheif/exif.cc. The issue can cause instability and, per related advisories, may lead to denial of service; some sources imply potential for broader impact. Affected ecosystems cite multiple vendors (Debian, Mageia, Ubuntu, etc...

8.8CVSS8.6AI score0.00804EPSS
cve
cve
added 2026/05/22 8:49 p.m.68 views

CVE-2026-41069

Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...

6.5CVSS5.8AI score0.00253EPSS
cve
cve
added 2025/04/07 12:0 a.m.67 views

CVE-2025-29482

CVE-2025-29482 is a Buffer Overflow vulnerability in libheif 1.19.7 that allows a local attacker to execute arbitrary code via SAO (Sample Adaptive Offset) processing in libde265. The issue is triggered by a flaw in the SAO processing path, leading to an out-of-bounds/write condition. The CVSS ve...

6.2CVSS7.8AI score0.00231EPSS
cve
cve
added 2026/05/19 7:22 p.m.67 views

CVE-2026-32740

libheif (HEIF/AVIF decoder/encoder) versions

8.8CVSS5.8AI score0.00514EPSS
cve
cve
added 2021/11/03 4:7 p.m.60 views

CVE-2020-23109

CVE-2020-23109 : A buffer overflow in libheif 1.6.2 (function convert_colorspace in heif_colorconversion.cc) can be triggered by a crafted HEIF file, enabling denial of service and potential information disclosure. Connected advisories confirm affected packages and that a fix is available in libh...

8.1CVSS7.7AI score0.01245EPSS
cve
cve
added 2024/03/05 12:0 a.m.55 views

CVE-2024-25269

CVE-2024-25269 : Upstream reports show that libheif

7.5CVSS6.3AI score0.00687EPSS
cve
cve
added 2023/12/07 12:0 a.m.54 views

CVE-2023-49463

CVE-2023-49463 affects libheif v1.17.5, with a segmentation fault in find_exif_tag (libheif/exif.cc). Public records (NVD) rate the impact as high (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; base score 8.8). Several connected advisories reference the same issue alongside other libheif CVEs (...

8.8CVSS8.6AI score0.00768EPSS
cve
cve
added 2023/12/07 12:0 a.m.53 views

CVE-2023-49460

CVE-2023-49460 affects libheif version 1.17.5 where the segmentation violation occurs in UncompressedImageCodec::decode_uncompressed_image. Connected advisories confirm this leads to crashes and potential denial of service under exploitation, with CVSS v3.1 base score 8.8 (NETWORK, HIGH) and no p...

8.8CVSS8.6AI score0.00762EPSS
cve
cve
added 2021/07/21 5:20 p.m.51 views

CVE-2020-19498

The provided connected records confirm a vulnerability in libheif 1.4.0 where a floating-point exception in the Fraction function can lead to a Denial of Service (and possibly other unspecified impacts). Evidence comes from multiple sources (CNVD-2022-06517, SUSE CVE page, Debian osv, OSV entries...

8.8CVSS8.7AI score0.01368EPSS
cve
cve
added 2021/07/21 5:21 p.m.49 views

CVE-2020-19499

CVE-2020-19499 affects libheif 1.4.0, specifically the heif::Box_iref::get_references path. The issue enables Denial of Service (and possibly other unspecified impacts) via an invalid memory read. Multiple connected sources (SUSE, Red Hat, CNVD, OSV, NVD cross-references) confirm the presence of ...

8.8CVSS8.7AI score0.01368EPSS
cve
cve
added 2023/12/07 12:0 a.m.42 views

CVE-2023-49464

CVE-2023-49464 affects libheif, specifically libheif v1.17.5, with a segmentation fault arising from UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. The CVE is listed across multiple advisories (Mageia, OpenVAS/USN feeds, Ubuntu USN) as part of a set of libheif issues, al...

8.8CVSS8.6AI score0.00762EPSS
cve
cve
added 2025/12/29 7:9 p.m.38 views

CVE-2025-68431

CVE-2025-68431 affects libheif prior to version 1.21.0, where a crafted HEIF exploiting the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay() . The root cause is a negative row length (likely from an unclipped overlay rectangle or invalid offsets) that underflo...

7.1CVSS6.6AI score0.00267EPSS
cve
cve
added 2026/05/19 7:3 p.m.32 views

CVE-2026-32738

libheif (versions

6.5CVSS5.7AI score0.00301EPSS
cve
cve
added 2026/06/19 5:16 p.m.31 views

CVE-2026-49271

CVE-2026-49271 affects libheif prior to 1.22.1. The uncompressed HEIF decoder validates icef compressed-unit offsets with unit_offset + unit_size, which can wrap and allow constructing iterators outside the compressed item buffer, causing an out-of-bounds heap read and crash. This vulnerability i...

6.5CVSS5.8AI score0.00199EPSS
cve
cve
added 2026/05/19 7:10 p.m.28 views

CVE-2026-32739

libheif (HEIF/AVIF decoder) is affected through versions 1.21.2 and earlier, where a crafted 800-byte HEIF sequence file can trigger an infinite loop in Box_stts::get_sample_duration() during parsing, causing 100% CPU DoS with no progress and no crashログ. The issue is triggered on file open and is...

6.5CVSS5.7AI score0.0032EPSS