22 matches found
CVE-2025-43967
CVE-2025-43967 involves a NULL pointer dereference in libheif
CVE-2019-11471
CVE-2019-11471 affects libheif 1.4.0 with a use-after-free in HeifContext::Image::set_alpha_channel due to mishandling references to non-existing alpha images. Multiple advisories (Mageia MGASA-2019-0290/2024-0243, OSV USN 6847-1, Ubuntu USN 6847-1) indicate this issue can crash the program and c...
CVE-2024-41311
Summary: CVE-2024-41311 affects Libheif 1.17.6 and is tied to an insufficient checks issue in ImageOverlay::parse() when decoding a HEIF with forged overlay offsets, leading to an out-of-bounds read and write. Publicly documented references indicate multiple OSS advisories and vendor responses. A...
CVE-2023-29659
CVE-2023-29659 affects libheif 1.15.1 where a crafted HEIF image can trigger a segmentation fault via the heif::Fraction::round() path in box.cc, leading to denial of service. Connected advisories across major distros confirm this as a vulnerability in the library and reference various patches: D...
CVE-2026-41071
CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...
CVE-2025-43966
CVE-2025-43966 affects libheif prior to 1.19.6, with a NULL pointer dereference in ImageItem_iden (iden.cc). Root cause: dereference of a null item reference leading to potential crash. Impact: availability may be reduced (per CVSS in public entry). Remediation: upgrade libheif to version 1.19.6 ...
CVE-2023-0996
CVE-2023-0996 affects libheif (strided image data parsing in the Emscripten wrapper), enabling a crafted image to trigger a buffer overflow in linear memory during memcpy. Connected advisories confirm libheif as the affected component across multiple distros (Debian DLA-3945; Mageia update; Ubunt...
CVE-2023-49462
CVE-2023-49462 affects libheif 1.17.5, with a segmentation fault in /libheif/exif.cc. The issue can cause instability and, per related advisories, may lead to denial of service; some sources imply potential for broader impact. Affected ecosystems cite multiple vendors (Debian, Mageia, Ubuntu, etc...
CVE-2026-41069
Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...
CVE-2025-29482
CVE-2025-29482 is a Buffer Overflow vulnerability in libheif 1.19.7 that allows a local attacker to execute arbitrary code via SAO (Sample Adaptive Offset) processing in libde265. The issue is triggered by a flaw in the SAO processing path, leading to an out-of-bounds/write condition. The CVSS ve...
CVE-2026-32740
libheif (HEIF/AVIF decoder/encoder) versions
CVE-2020-23109
CVE-2020-23109 : A buffer overflow in libheif 1.6.2 (function convert_colorspace in heif_colorconversion.cc) can be triggered by a crafted HEIF file, enabling denial of service and potential information disclosure. Connected advisories confirm affected packages and that a fix is available in libh...
CVE-2024-25269
CVE-2024-25269 : Upstream reports show that libheif
CVE-2023-49463
CVE-2023-49463 affects libheif v1.17.5, with a segmentation fault in find_exif_tag (libheif/exif.cc). Public records (NVD) rate the impact as high (CVSS v3.1: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H; base score 8.8). Several connected advisories reference the same issue alongside other libheif CVEs (...
CVE-2023-49460
CVE-2023-49460 affects libheif version 1.17.5 where the segmentation violation occurs in UncompressedImageCodec::decode_uncompressed_image. Connected advisories confirm this leads to crashes and potential denial of service under exploitation, with CVSS v3.1 base score 8.8 (NETWORK, HIGH) and no p...
CVE-2020-19498
The provided connected records confirm a vulnerability in libheif 1.4.0 where a floating-point exception in the Fraction function can lead to a Denial of Service (and possibly other unspecified impacts). Evidence comes from multiple sources (CNVD-2022-06517, SUSE CVE page, Debian osv, OSV entries...
CVE-2020-19499
CVE-2020-19499 affects libheif 1.4.0, specifically the heif::Box_iref::get_references path. The issue enables Denial of Service (and possibly other unspecified impacts) via an invalid memory read. Multiple connected sources (SUSE, Red Hat, CNVD, OSV, NVD cross-references) confirm the presence of ...
CVE-2023-49464
CVE-2023-49464 affects libheif, specifically libheif v1.17.5, with a segmentation fault arising from UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. The CVE is listed across multiple advisories (Mageia, OpenVAS/USN feeds, Ubuntu USN) as part of a set of libheif issues, al...
CVE-2025-68431
CVE-2025-68431 affects libheif prior to version 1.21.0, where a crafted HEIF exploiting the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay() . The root cause is a negative row length (likely from an unclipped overlay rectangle or invalid offsets) that underflo...
CVE-2026-32738
libheif (versions
CVE-2026-49271
CVE-2026-49271 affects libheif prior to 1.22.1. The uncompressed HEIF decoder validates icef compressed-unit offsets with unit_offset + unit_size, which can wrap and allow constructing iterators outside the compressed item buffer, causing an out-of-bounds heap read and crash. This vulnerability i...
CVE-2026-32739
libheif (HEIF/AVIF decoder) is affected through versions 1.21.2 and earlier, where a crafted 800-byte HEIF sequence file can trigger an infinite loop in Box_stts::get_sample_duration() during parsing, causing 100% CPU DoS with no progress and no crashログ. The issue is triggered on file open and is...