Libheif
by Strukturag
Source repositories
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0996 | 0.00 | — | 0.00 | Feb 24, 2023 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. | |||
| CVE-2020-23109 | 0.00 | — | 0.01 | Nov 3, 2021 | Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file. | |||
| CVE-2020-19499 | 0.00 | — | 0.01 | Jul 21, 2021 | An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read. | |||
| CVE-2020-19498 | 0.00 | — | 0.01 | Jul 21, 2021 | Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts. | |||
| CVE-2019-11471 | 0.00 | — | 0.02 | Apr 23, 2019 | libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images. |
- CVE-2023-0996Feb 24, 2023risk 0.00cvss —epss 0.00
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
- CVE-2020-23109Nov 3, 2021risk 0.00cvss —epss 0.01
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
- CVE-2020-19499Jul 21, 2021risk 0.00cvss —epss 0.01
An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
- CVE-2020-19498Jul 21, 2021risk 0.00cvss —epss 0.01
Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
- CVE-2019-11471Apr 23, 2019risk 0.00cvss —epss 0.02
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
Page 2 of 2