Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

libheif — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in libheif, with AI-generated Chinese analysis, references, and POCs.

This page aggregates common vulnerabilities associated with the libheif library developed by the libheif vendor. It focuses on security weaknesses that could potentially impact systems relying on this high-efficiency image file format library for handling HEIF and HEIC images. The collected data encompasses a wide range of vulnerability types, including buffer overflows, use-after-free errors, integer overflows, and improper input validation issues within the decoding and encoding processes. The records cover historical and recent security advisories spanning from the early adoption of the format to the most recent updates. By centralizing these entries, the page provides a comprehensive timeline of security flaws identified in the product over time. Visitors to this resource can track vendor-specific advisories to stay informed about patches and mitigations released for libheif. Users can also analyze trends within specific weakness classes to understand how similar bugs have manifested across different versions. Furthermore, developers and security analysts can look up the product’s vulnerability history to assess the overall security posture of the library. This aggregated view helps in making informed decisions about library upgrades and risk management strategies without needing to search through multiple disparate sources. The information is presented to facilitate better understanding of the security landscape surrounding this critical multimedia component.

Vendor: Struktur

CVE IDTitleCVSSSeverityPublished
CVE-2026-49271 libheif: Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder CWE-125 6.5 Medium2026-06-19
CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count CWE-125--2026-05-22
CVE-2026-41069 libheif allows Out-of-bounds vector access leading to invalid dereference (DoS) CWE-125 6.5 Medium2026-05-22
CVE-2026-32882 libheif: Heap Buffer OOB Read in overlay compositing due to wrong alpha stride CWE-125 7.1 High2026-05-19
CVE-2026-32741 libheif has a heap buffer overflow in decode_mask_image() CWE-122 7.1 High2026-05-19
CVE-2026-32814 libheif: Uninitialized Heap Memory Information Leak via Failed Grid Tiles CWE-200 6.5 Medium2026-05-19
CVE-2026-32740 libheif: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing CWE-787 8.8 High2026-05-19
CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup CWE-835 6.5 Medium2026-05-19
CVE-2026-32738 libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk CWE-125 6.5 Medium2026-05-19
CVE-2026-3950 strukturag libheif stsz/stts track.cc load out-of-bounds CWE-125 3.3 Low2026-03-11
CVE-2026-3949 strukturag libheif HEIF File decoder_vvdec.cc vvdec_push_data2 out-of-bounds CWE-125 3.3 Low2026-03-11
CVE-2025-68431 libheif has Potential Heap Buffer Over-Read CWE-125 6.5 Medium2025-12-29
CVE-2025-43967 libheif 代码问题漏洞 CWE-476 2.9 Low2025-04-20
CVE-2025-43966 libheif 代码问题漏洞 CWE-476 2.9 Low2025-04-20
CVE-2023-0996 libheif 安全漏洞 CWE-120 7.8 -2023-02-24

All 15 known CVE vulnerabilities affecting libheif with full Chinese analysis, references, and POCs where available.