Shodan
Vulnerabilities
Vulnerable Software
Struktur:  >> Libheif  Security Vulnerabilities
CVE-2025-68431
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-12-29
CVE-2025-43966
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVSS Score
2.9
EPSS Score
0.002
Published
2025-04-21
CVE-2025-43967
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVSS Score
2.9
EPSS Score
0.002
Published
2025-04-21
CVE-2025-29482
Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.
CVSS Score
6.2
EPSS Score
0.001
Published
2025-04-07
CVE-2024-41311
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
CVSS Score
8.1
EPSS Score
0.002
Published
2024-10-15
CVE-2024-25269
libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
CVSS Score
7.5
EPSS Score
0.0
Published
2024-03-05
CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-07
CVE-2023-49462
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-07
CVE-2023-49463
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-12-07
CVE-2023-49464
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-12-07


Products
Pricing
Contact Us

Shodan ® - All rights reserved