CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43966
https://notcve.org/view.php?id=CVE-2025-43966
20 Apr 2025 — libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Libheif antes de 1.19.6 tiene un puntero NULL Derferencia en ImageItem_iden en Image-Items/Iden.cc. • https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-43967
https://notcve.org/view.php?id=CVE-2025-43967
20 Apr 2025 — libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. Libheif antes de 1.19.6 tiene un puntero nulo desreferencia en imageItem_grid :: get_decoder en Image-Items/Grid.cc porque una imagen de la cuadrícula puede hacer referencia a un elemento de imagen inexistente. • https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671 • CWE-476: NULL Pointer Dereference •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41311 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2024-41311
15 Oct 2024 — In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information. • https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38950
https://notcve.org/view.php?id=CVE-2024-38950
26 Jun 2024 — Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en Libde265 v1.0.15 permite a los atacantes bloquear la aplicación mediante un payload manipulado para la función __interceptor_memcpy. • https://github.com/strukturag/libde265/issues/460 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38949
https://notcve.org/view.php?id=CVE-2024-38949
26 Jun 2024 — Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc La vulnerabilidad de desbordamiento de búfer de montón en Libde265 v1.0.15 permite a los atacantes bloquear la aplicación mediante un payload manipulado para mostrar la función 444as420 en sdl.cc • https://github.com/strukturag/libde265/issues/460 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49468
https://notcve.org/view.php?id=CVE-2023-49468
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento de búfer global en la función read_coding_unit en slice.cc. • https://github.com/strukturag/libde265/issues/432 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49462 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2023-49462
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. Se descubrió que libheif v1.17.5 contenía una infracción de segmentación a través del componente /libheif/exif.cc. Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/strukturag/libheif/issues/1043 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49465 – Ubuntu Security Notice USN-6677-1
https://notcve.org/view.php?id=CVE-2023-49465
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico en la función derive_spatial_luma_vector_prediction en motion.cc. It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could poss... • https://github.com/strukturag/libde265/issues/435 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49467 – Ubuntu Security Notice USN-6677-1
https://notcve.org/view.php?id=CVE-2023-49467
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico en la función derive_combined_bipredictive_merging_candidates en motion.cc. It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an... • https://github.com/strukturag/libde265/issues/434 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49464
https://notcve.org/view.php?id=CVE-2023-49464
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. Se descubrió que libheif v1.17.5 contenía una violación de segmentación a través de la función UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. • https://github.com/strukturag/libheif/issues/1044 •