Strukturag Libheif vulnerabilities
3 known vulnerabilities affecting strukturag/libheif.
Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2026-3949 | MEDIUM | CVSS 4.8 | CWE-119 | v1.21.0, v1.21.1, +1 more | 2026-03-11
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and
nvd
CVE-2026-3950 | MEDIUM | CVSS 4.8 | CWE-119 | v1.21.0, v1.21.1, +1 more | 2026-03-11
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended acti
nvd
CVE-2025-68431 | HIGH | CVSS 7.1 | CWE-125 | fixed in 1.21.0 | 2025-12-29
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converte
nvd