Libheif
This hub aggregates every CVE we track for Libheif, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 27
- Critical: 0
- High: 15
- In CISA KEV: 0
Severity distribution
HIGH: 15, MEDIUM: 8, LOW: 4
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 15 most recently published vulnerabilities affecting Libheif.
- CVE-2026-49271: libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder (score: 6.5)
- CVE-2026-41071: libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count (score: 8.1)
- CVE-2026-41069: libheif allows Out-of-bounds vector access leading to invalid dereference (DoS) (score: 6.5)
- CVE-2026-32882: libheif: Heap Buffer OOB Read in overlay compositing due to wrong alpha stride (score: 7.1)
- CVE-2026-32741: libheif has a heap buffer overflow in decode_mask_image() (score: 7.1)
- CVE-2026-32814: libheif: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (score: 6.5)
- CVE-2026-32740: libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing (score: 8.8)
- CVE-2026-32739: libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup (score: 6.5)
- CVE-2026-32738: libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk (score: 6.5)
- CVE-2026-3950: strukturag libheif stsz/stts track.cc load out-of-bounds (score: 3.3)
- CVE-2026-3949: strukturag libheif HEIF File decoder_vvdec.cc vvdec_push_data2 out-of-bounds (score: 3.3)
- CVE-2025-68431: libheif has Potential Heap Buffer Over-Read (score: 6.5)
- CVE-2025-43967: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. (score: 2.9)
- CVE-2025-43966: libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. (score: 2.9)
- CVE-2025-29482: Buffer Overflow vulnerability in libheif 1.19.7 allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. (score: 6.2)
Product normalization is registry-driven with AI assist and human review.