
Libheif

5 CVEs product


CVE-2026-41071 MEDIUM PATCH This Month

Heap-buffer-overflow in libheif 1.21.2 and prior exposes any application parsing untrusted HEIF sequence files to an out-of-bounds read during file ingestion, with potential for heap memory disclosure or process crash. The flaw is triggered the moment a victim opens a crafted file - no additional interaction beyond file opening is required - making it a practical threat in desktop image viewers, browsers, and media pipelines that embed libheif. No public exploit has been identified at time of analysis, EPSS sits at 0.04% (11th percentile), and a vendor-released patch (v1.22.0) is available, keeping real-world exploitation risk currently assessed as low-moderate despite the memory-corruption class.

Information Disclosure Buffer Overflow Libheif
NVD GitHub VulDB
CVSS 4.0: 5.1
EPSS: 0.0%
CVE-2026-41069 MEDIUM PATCH This Month

Out-of-bounds read in libheif versions 1.21.2 and prior crashes any application that parses attacker-controlled HEIF sequence files, resulting in denial of service. The defect lives in the SampleAuxInfoReader constructor, which enters its processing loop when saiz.sample_count > 0 even though stco.entry_count == 0 left the chunks vector empty; dereferencing chunks[0] then triggers the crash. No public exploit code has been identified at time of analysis, but the attack requires only that a user open or process a specially crafted HEIF file, making it relevant wherever libheif is embedded in image-handling applications (browsers, media libraries, operating-system image stacks). Vendor-released patch v1.22.0 is available.

Information Disclosure Buffer Overflow Libheif
NVD GitHub VulDB
CVSS 3.1: 6.5
EPSS: 0.0%
CVE-2025-43967 LOW POC PATCH Monitor

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. Rated low severity (CVSS 2.9), this vulnerability requires no authentication. Public exploit code is available.

Null Pointer Dereference Denial Of Service Libheif
NVD GitHub
CVSS 3.1: 2.9
EPSS: 0.2%
CVE-2025-43966 LOW PATCH Monitor

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Rated low severity (CVSS 2.9), this vulnerability requires no authentication.

Null Pointer Dereference Denial Of Service Libheif
NVD GitHub
CVSS 3.1: 2.9
EPSS: 0.2%
CVE-2025-29482 MEDIUM POC PATCH This Month

Buffer overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. Rated medium severity (CVSS 6.2), this vulnerability requires no authentication and has low attack complexity. Public exploit code is available and no vendor patch is available.

Buffer Overflow RCE Libheif Suse
NVD GitHub
CVSS 3.1: 6.2
EPSS: 0.1%