VYPR
Vendor

Strukturag

Products
2
CVEs
84
Across products
85
Status
Private

Products

2

Recent CVEs

84
View all 84 CVEs →
  • CVE-2026-32740HigMay 19, 2026
    risk 0.57cvss 8.8epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap…

  • CVE-2026-41071HigMay 22, 2026
    risk 0.53cvss 8.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the…

  • CVE-2026-32882HigMay 19, 2026
    risk 0.46cvss 7.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel…

  • CVE-2026-32741HigMay 19, 2026
    risk 0.46cvss 7.1epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel…

  • CVE-2026-32814MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure,…

  • CVE-2026-32739MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no…

  • CVE-2026-32738MedMay 19, 2026
    risk 0.42cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX),…

  • CVE-2026-41069MedMay 22, 2026
    risk 0.35cvss 6.5epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while…

  • CVE-2026-3950LowMar 11, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is…

  • CVE-2026-3949LowMar 11, 2026
    risk 0.21cvss 3.3epss 0.00

    A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack…

  • CVE-2023-51792LowApr 19, 2024
    risk 0.21cvss 3.3epss 0.00

    Buffer Overflow vulnerability in libde265 v1.0.12 allows a local attacker to cause a denial of service via the allocation size exceeding the maximum supported size of 0x10000000000.

  • CVE-2026-49346Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the…

  • CVE-2026-49295Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate…

  • CVE-2026-49337Jun 19, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image…

  • CVE-2026-49271Jun 19, 2026
    risk 0.00cvss epss 0.00

    libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then…

  • CVE-2026-33164Mar 20, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.

  • CVE-2026-33165Mar 20, 2026
    risk 0.00cvss epss 0.00

    libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and…

  • CVE-2025-61147Feb 23, 2026
    risk 0.00cvss epss 0.00

    strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().

  • CVE-2025-68431Dec 29, 2025
    risk 0.00cvss epss 0.00

    libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped…

  • CVE-2025-43967Apr 20, 2025
    risk 0.00cvss epss 0.00

    libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.