
CVE-2025-43967
https://notcve.org/view.php?id=CVE-2025-43967
20 Apr 2025 — libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. Libheif antes de 1.19.6 tiene un puntero nulo desreferencia en imageItem_grid :: get_decoder en Image-Items/Grid.cc porque una imagen de la cuadrícula puede hacer referencia a un elemento de imagen inexistente. • https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671 • CWE-476: NULL Pointer Dereference •

CVE-2025-43966
https://notcve.org/view.php?id=CVE-2025-43966
20 Apr 2025 — libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Libheif antes de 1.19.6 tiene un puntero NULL Derferencia en ImageItem_iden en Image-Items/Iden.cc. • https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c • CWE-476: NULL Pointer Dereference •

CVE-2023-29659 – Ubuntu Security Notice USN-6847-1
https://notcve.org/view.php?id=CVE-2023-29659
05 May 2023 — A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. • https://github.com/strukturag/libheif/issues/794 • CWE-369: Divide By Zero •