Struktur Libheif
By the Year
In 2026 there have been 0 vulnerabilities in Struktur Libheif. Last year, in 2025, Libheif had 3 security vulnerabilities published. Right now, Libheif is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 3 | 7.50 |
| 2024 | 2 | 8.10 |
| 2023 | 6 | 8.25 |
| 2022 | 0 | 0.00 |
| 2021 | 3 | 8.10 |
| 2020 | 0 | 0.00 |
| 2019 | 1 | 8.80 |
It may take a day or so for new Libheif vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Struktur Libheif Security Vulnerabilities
NULL deref in libheif <1.19.6 grid image handler
CVE-2025-43967
7.5 - High
- April 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
NULL Pointer Dereference
NULL Pointer Deref in libheif <1.19.6 (ImageItem_iden)
CVE-2025-43966
7.5 - High
- April 21, 2025
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
NULL Pointer Dereference
libheif 1.19.7 SAO Buffer Overflow via libde265
CVE-2025-29482
- April 07, 2025
Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265.
libheif 1.17.6 ImageOverlay::parse OOB Read/Write
CVE-2024-41311
8.1 - High
- October 15, 2024
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
Out-of-bounds Read
Denial of Service via JpegEncoder::Encode Memory Leak in libheif <=1.17.6
CVE-2024-25269
- March 05, 2024
libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
libheif v1.17.5 UncompressedImageCodec segfault vulnerability
CVE-2023-49464
8.8 - High
- December 07, 2023
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
libheif v1.17.5: Segmentation Violation in find_exif_tag (EXIF parsing)
CVE-2023-49463
8.8 - High
- December 07, 2023
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
Segmentation Fault in libheif v1.17.5 via Exif.cc
CVE-2023-49462
8.8 - High
- December 07, 2023
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
Segfault in libheif v1.17.5 via UncompressedImageCodec::decode_uncompressed_image
CVE-2023-49460
8.8 - High
- December 07, 2023
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
Segmentation Fault DoS in libheif 1.15.1 via heif::Fraction::round() in box.cc
CVE-2023-29659
6.5 - Medium
- May 05, 2023
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
Divide By Zero
Libheif Emscripten Wrapper Buffer Overflow via Crafted Image
CVE-2023-0996
7.8 - High
- February 24, 2023
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
Classic Buffer Overflow
Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2
CVE-2020-23109
8.1 - High
- November 03, 2021
A buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2 allows attackers to cause a denial of service and disclose sensitive information via a crafted HEIF file.
Classic Buffer Overflow
An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0
CVE-2020-19499
- July 21, 2021
An issue in heif::Box_iref::get_references in libheif 1.4.0 allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
Floating point exception in function Fraction in libheif 1.4.0
CVE-2020-19498
- July 21, 2021
A floating point exception in function Fraction in libheif 1.4.0 allows attackers to cause a Denial of Service or possibly other unspecified impacts.
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h
CVE-2019-11471
8.8 - High
- April 23, 2019
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
Dangling pointer