Struktur Libheif vulnerabilities

16 known vulnerabilities affecting struktur/libheif.

Total CVEs
16
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH14MEDIUM2

Vulnerabilities

Page 1 of 1
CVE-2025-68431HIGHCVSS 7.1fixed in 1.21.02025-12-29
CVE-2025-68431 [HIGH] CWE-125 CVE-2025-68431: libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converte
nvdosv
CVE-2025-43966HIGHCVSS 7.5fixed in 1.19.62025-04-21
CVE-2025-43966 [HIGH] CWE-476 CVE-2025-43966: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
nvdosv
CVE-2025-43967HIGHCVSS 7.5fixed in 1.19.62025-04-21
CVE-2025-43967 [HIGH] CWE-476 CVE-2025-43967: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/g libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
nvdosv
CVE-2025-29482MEDIUMCVSS 6.2v1.19.72025-04-07
CVE-2025-29482 [MEDIUM] CWE-120 CVE-2025-29482: Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code vi Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.
nvd
CVE-2024-41311HIGHCVSS 8.1v1.17.62024-10-15
CVE-2024-41311 [HIGH] CWE-125 CVE-2024-41311: In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an o In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
nvdosv
CVE-2024-25269HIGHCVSS 7.5≤ 1.17.62024-03-05
CVE-2024-25269 [HIGH] CWE-400 CVE-2024-25269: libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an at libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
nvdosv
CVE-2023-49464HIGHCVSS 8.8v1.17.52023-12-07
CVE-2023-49464 [HIGH] CVE-2023-49464: libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImag libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
nvdosv
CVE-2023-49463HIGHCVSS 8.8v1.17.52023-12-07
CVE-2023-49463 [HIGH] CVE-2023-49463: libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
nvdosv
CVE-2023-49462HIGHCVSS 8.8v1.17.52023-12-07
CVE-2023-49462 [HIGH] CVE-2023-49462: libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.c libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
nvdosv
CVE-2023-49460HIGHCVSS 8.8v1.17.52023-12-07
CVE-2023-49460 [HIGH] CVE-2023-49460: libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImag libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
nvdosv
CVE-2023-29659MEDIUMCVSS 6.5v1.15.12023-05-05
CVE-2023-29659 [MEDIUM] CWE-369 CVE-2023-29659: A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted hei A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
nvdosv
CVE-2023-0996HIGHCVSS 7.8v1.14.22023-02-24
CVE-2023-0996 [HIGH] CWE-120 CVE-2023-0996: There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libhe There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
nvdosv
CVE-2020-23109HIGHCVSS 8.1v1.6.22021-11-03
CVE-2020-23109 [HIGH] CWE-120 CVE-2020-23109: Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
nvdosv
CVE-2020-19499HIGHCVSS 8.8v1.4.02021-07-21
CVE-2020-19499 [HIGH] CWE-125 CVE-2020-19499: An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to caus An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
nvdosv
CVE-2020-19498HIGHCVSS 8.8v1.4.02021-07-21
CVE-2020-19498 [HIGH] CVE-2020-19498: Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial o Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
nvdosv
CVE-2019-11471HIGHCVSS 8.8v1.4.02019-04-23
CVE-2019-11471 [HIGH] CWE-416 CVE-2019-11471: libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
nvdosv