
CVE-2024-41311 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2024-41311
15 Oct 2024 — In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() when decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. Gerrard Tai discovered that libheif did not properly validate certain images, leading to an out-of-bounds read and write vulnerability. If a user or automated system were tricked into opening a specially crafted file, an attacker could possibly use this issue to cause a denial of service or to obtain sensitive information. • https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0 • CWE-125: Out-of-bounds Read • CWE-787: Out-of-bounds Write •

CVE-2023-49460 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2023-49460
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://github.com/strukturag/libheif/issues/1046 •

CVE-2023-49462 – Debian Security Advisory 5796-1
https://notcve.org/view.php?id=CVE-2023-49462
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc. Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code. • https://github.com/strukturag/libheif/issues/1043 •

CVE-2023-49463
https://notcve.org/view.php?id=CVE-2023-49463
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc. • https://github.com/strukturag/libheif •

CVE-2023-49464
https://notcve.org/view.php?id=CVE-2023-49464
07 Dec 2023 — libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci. • https://github.com/strukturag/libheif/issues/1044 •

CVE-2023-29659 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2023-29659
05 May 2023 — A segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted HEIF images via the heif::Fraction::round() function in box.cc, which causes a denial of service. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. • https://github.com/strukturag/libheif/issues/794 • CWE-369: Divide By Zero •

CVE-2023-0996 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2023-0996
24 Feb 2023 — There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. • https://github.com/strukturag/libheif/pull/759 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-23109 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2020-23109
03 Nov 2021 — Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2 allows attackers to cause a denial of service and disclose sensitive information via a crafted HEIF file. It was discovered that libh... • https://github.com/strukturag/libheif/issues/207 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVE-2020-19499
https://notcve.org/view.php?id=CVE-2020-19499
21 Jul 2021 — An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0 that allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read. • https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd • CWE-125: Out-of-bounds Read •

CVE-2020-19498
https://notcve.org/view.php?id=CVE-2020-19498
21 Jul 2021 — Floating point exception in function Fraction in libheif 1.4.0 allows attackers to cause a Denial of Service or possibly other unspecified impacts. • https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58 •