CVE search results

1 – 10 of 12 results

Detailed view

Sort by:

CVE-2024-41311

Medium priority

Fixed

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Fixed	Not affected	Not affected	Not affected	—

CVE-2024-25269

Negligible priority

Needs evaluation

libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Needs evaluation	Needs evaluation	Needs evaluation	Needs evaluation	—

CVE-2023-49464

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Not affected	Not affected	Not affected	Ignored

CVE-2023-49463

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Not affected	Not affected	Not affected	Ignored

CVE-2023-49462

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Not affected	Not affected	Not affected	Ignored

CVE-2023-49460

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Not affected	Not affected	Not affected	Ignored

CVE-2023-29659

Medium priority

Some fixes available 2 of 4

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Fixed	Fixed	Not affected	Ignored

CVE-2023-0996

Medium priority

Some fixes available 2 of 3

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Fixed	Fixed	Not affected	Ignored

CVE-2020-23109

Medium priority

Some fixes available 1 of 6

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	Not affected	Not affected	Fixed	Ignored	Ignored

CVE-2020-19499

Medium priority

Not affected

An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

1 affected package

libheif

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS	16.04 LTS
libheif	—	Not affected	Not affected	Not affected	Ignored

Export to JSON

Results by page:

Search CVE reports