CVE-2023-0996
- EPSS 0.16%
- Veröffentlicht 24.02.2023 04:15:12
- Zuletzt bearbeitet 11.03.2025 21:15:39
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
CVE-2020-23109
- EPSS 0.25%
- Veröffentlicht 03.11.2021 17:15:08
- Zuletzt bearbeitet 21.11.2024 05:13:34
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.
CVE-2020-19498
- EPSS 0.37%
- Veröffentlicht 21.07.2021 18:15:09
- Zuletzt bearbeitet 21.11.2024 05:09:13
Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
CVE-2020-19499
- EPSS 0.37%
- Veröffentlicht 21.07.2021 18:15:09
- Zuletzt bearbeitet 21.11.2024 05:09:13
An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
CVE-2019-11471
- EPSS 0.27%
- Veröffentlicht 23.04.2019 14:29:00
- Zuletzt bearbeitet 21.11.2024 04:21:08
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.