CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-41311 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2024-41311
15 Oct 2024 — In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Gerrard Tai discovered that libheif did not properly validate certain images, leading to out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information. • https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38949
https://notcve.org/view.php?id=CVE-2024-38949
26 Jun 2024 — Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc La vulnerabilidad de desbordamiento de búfer de montón en Libde265 v1.0.15 permite a los atacantes bloquear la aplicación mediante un payload manipulado para mostrar la función 444as420 en sdl.cc • https://github.com/strukturag/libde265/issues/460 • CWE-122: Heap-based Buffer Overflow •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38950
https://notcve.org/view.php?id=CVE-2024-38950
26 Jun 2024 — Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function. La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en Libde265 v1.0.15 permite a los atacantes bloquear la aplicación mediante un payload manipulado para la función __interceptor_memcpy. • https://github.com/strukturag/libde265/issues/460 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49460 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2023-49460
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. Se descubrió que libheif v1.17.5 contenía una infracción de segmentación a través de la función UncompressedImageCodec::decode_uncompressed_image. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://github.com/strukturag/libheif/issues/1046 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49462 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2023-49462
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. Se descubrió que libheif v1.17.5 contenía una infracción de segmentación a través del componente /libheif/exif.cc. Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/strukturag/libheif/issues/1043 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49463
https://notcve.org/view.php?id=CVE-2023-49463
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. Se descubrió que libheif v1.17.5 contenía una infracción de segmentación a través de la función find_exif_tag en /libheif/exif.cc. • https://github.com/strukturag/libheif •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49464
https://notcve.org/view.php?id=CVE-2023-49464
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. Se descubrió que libheif v1.17.5 contenía una violación de segmentación a través de la función UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. • https://github.com/strukturag/libheif/issues/1044 •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49465 – Ubuntu Security Notice USN-6677-1
https://notcve.org/view.php?id=CVE-2023-49465
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico en la función derive_spatial_luma_vector_prediction en motion.cc. It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an attacker could poss... • https://github.com/strukturag/libde265/issues/435 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49467 – Ubuntu Security Notice USN-6677-1
https://notcve.org/view.php?id=CVE-2023-49467
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento del búfer de almacenamiento dinámico en la función derive_combined_bipredictive_merging_candidates en motion.cc. It was discovered that libde265 could be made to dereference invalid memory. If a user or automated system were tricked into opening a specially crafted file, an... • https://github.com/strukturag/libde265/issues/434 • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-49468
https://notcve.org/view.php?id=CVE-2023-49468
07 Dec 2023 — Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc. Se descubrió que Libde265 v1.0.14 contenía una vulnerabilidad de desbordamiento de búfer global en la función read_coding_unit en slice.cc. • https://github.com/strukturag/libde265/issues/432 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •