Every CVE whose affected-product data names Struktur Libheif, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (22)
CVE-2023-49463 — CVSS 8.8 (high): libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE-2023-49464 — CVSS 8.8 (high): libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_con…
CVE-2020-19499 — CVSS 8.8 (high): An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other…
CVE-2020-19498 — CVSS 8.8 (high): Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified…
CVE-2026-32740 — CVSS 8.8 (high): libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability…
CVE-2019-11471 — CVSS 8.8 (high): libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles…
CVE-2023-49460 — CVSS 8.8 (high): libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVE-2023-49462 — CVSS 8.8 (high): libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2024-41311 — CVSS 8.1 (high): In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can…
CVE-2020-23109 — CVSS 8.1 (high): Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a…
CVE-2026-41071 — CVSS 8.1 (high): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box…
CVE-2023-0996 — CVSS 7.8 (high): There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this…
CVE-2024-25269 — CVSS 7.5 (high): libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service…
CVE-2026-32738 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with…
CVE-2026-32739 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an…
CVE-2026-41069 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an…
CVE-2026-49271 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef…
CVE-2025-68431 — CVSS 6.5 (medium): libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item…
CVE-2023-29659 — CVSS 6.5 (medium): A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round()…
CVE-2025-29482 — CVSS 6.2 (medium): Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset)…
CVE-2025-43967 — CVSS 2.9 (low): libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can…
CVE-2025-43966 — CVSS 2.9 (low): libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.