Struktur

struktur

79 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (79)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-41071 1Struktur 1Libheif May 27, 2026 May 22, 2026 5.1 MEDIUM· v4 8.1 HIGH· v3 N/A· v2 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap...Show more libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->get_num_samples() samples but doesn't validate that this count is consistent with the number of chunks in the chunks vector. When saiz declares more samples than the chunks cover, the loop increments current_chunk past chunks.size(), causing an out-of-bounds read on the chunks vector. The vulnerability is triggered during file parsing (heif_context_read_from_file) without any additional user interaction. Any application using libheif to open untrusted HEIF files is affected. This issue has been fixed in version 1.22.0.Show less
CVE-2026-41069 1Struktur 1Libheif May 27, 2026 May 22, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can...Show more libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still passing validation because saio.entry_count == 0 matches, but with saiz.sample_count > 0 the SampleAuxInfoReader constructor still enters its loop. This leads to an out-of-bounds dereference on the empty chunks[0] in chunked mode.Show less
CVE-2026-32740 1Struktur 1Libheif May 21, 2026 May 19, 2026 N/A· v4 8.8 HIGH· v3 N/A· v2 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully att...Show more libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting a HEIF/AVIF file with a 1×4 grid of odd-height tiles. The overflow is triggered during normal image decoding with default build configuration. The written bytes are chroma (Cb/Cr) pixel values from the attacking tile, giving the attacker full control over the overflow content. This issue has been fixed in version 1.22.0.Show less
CVE-2026-32739 1Struktur 1Libheif May 20, 2026 May 19, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely...Show more libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and is triggered during file open (parsing) - before any user interaction or image decoding. The process stays alive (no crash, no error logged), making it invisible to crash-based monitoring. This issue has been fixed in version 1.22.0.Show less
CVE-2026-32738 1Struktur 1Libheif May 20, 2026 May 19, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk c...Show more libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty chunk and resulting in a denial of service. When any sample is accessed, the library reads from index 0 of an empty std::vector, causing a guaranteed SEGV (null-page read). The file parses successfully without producing an error; the crash occurs on the first frame access. This issue has been fixed in version 1.22.0.Show less
CVE-2026-33165 1Struktur 1Libde265 Mar 23, 2026 Mar 20, 2026 N/A· v4 5.0 MEDIUM· v3 N/A· v2 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2...Show more libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.Show less
CVE-2026-33164 1Struktur 1Libde265 Mar 23, 2026 Mar 20, 2026 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patc...Show more libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a malformed H.265 PPS NAL unit causes a segmentation fault in pic_parameter_set::set_derived_values(). This issue has been patched in version 1.0.17.Show less
CVE-2025-61147 1Struktur 1Libde265 Mar 24, 2026 Feb 23, 2026 N/A· v4 6.2 MEDIUM· v3 N/A· v2 strukturag libde265 commit d9fea9d wa discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
CVE-2025-68431 1Struktur 1Libheif Feb 25, 2026 Dec 29, 2025 N/A· v4 7.1 HIGH· v3 N/A· v2 libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The functio...Show more libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.Show less
CVE-2025-43967 1Struktur 1Libheif May 8, 2025 Apr 21, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVE-2025-43966 1Struktur 1Libheif May 8, 2025 Apr 21, 2025 N/A· v4 7.5 HIGH· v3 N/A· v2 libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVE-2025-29482 1Struktur 1Libheif Apr 15, 2025 Apr 7, 2025 N/A· v4 6.2 MEDIUM· v3 N/A· v2 Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.
CVE-2024-41311 2Debian Struktur 2Debian Linux Libheif Mar 24, 2025 Oct 15, 2024 N/A· v4 8.1 HIGH· v3 N/A· v2 In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
CVE-2024-38950 1Struktur 1Libde265 Jun 6, 2025 Jun 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to __interceptor_memcpy function.
CVE-2024-38949 1Struktur 1Libde265 Jun 6, 2025 Jun 26, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Heap Buffer Overflow vulnerability in Libde265 v1.0.15 allows attackers to crash the application via crafted payload to display444as420 function at sdl.cc
CVE-2024-25269 1Struktur 1Libheif Mar 24, 2025 Mar 5, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
CVE-2023-49468 1Struktur 1Libde265 Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Libde265 v1.0.14 was discovered to contain a global buffer overflow vulnerability in the read_coding_unit function at slice.cc.
CVE-2023-49467 1Struktur 1Libde265 Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_combined_bipredictive_merging_candidates function at motion.cc.
CVE-2023-49465 1Struktur 1Libde265 Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Libde265 v1.0.14 was discovered to contain a heap-buffer-overflow vulnerability in the derive_spatial_luma_vector_prediction function at motion.cc.
CVE-2023-49464 1Struktur 1Libheif Nov 21, 2024 Dec 7, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

12 3 4 Next