Security: strukturag/libheif
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
libheif: unbounded heap allocation in HEIF sequence parser (stsz fixed-size mode missing bound check)GHSA-jvmp-j3cw-84mh published
May 29, 2026 by farindkHigh -
Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoderGHSA-r7qj-cg5r-r6vf published
May 25, 2026 by farindkModerate -
Out-of-bounds write in inline mask region API when source mask exceeds declared regionGHSA-5hqq-636x-r3cr published
May 25, 2026 by farindkModerate -
libheif 1.21.2: heap OOB read in ImageItem_Grid::decode_grid_tile via irot-induced tile-coordinate underflowGHSA-6x5f-qchq-cxqv published
May 20, 2026 by farindkHigh -
NULL pointer dereference in heif_image_handle_get_image_tiling for malformed unci image missing ispeGHSA-4h72-vqgp-9376 published
May 19, 2026 by farindkModerate -
Heap Information Disclosure via Grid Image Gap + Uninitialized Pixel Plane AllocationGHSA-2vh6-whr3-cmq3 published
May 19, 2026 by farindkHigh -
Integer Overflow in SampleAuxInfoReader Offset CalculationGHSA-95jx-g5vf-cpp8 published
May 19, 2026 by farindkLow -
Heap Out Of Bounds Write in unci subsystemGHSA-5x55-x5pf-9c6g published
May 19, 2026 by farindkCritical -
Incomplete fix for CVE-2026-3949: integer overflow bypass in vvdec_push_data2GHSA-p6q9-fhf2-vj9v published
May 19, 2026 by farindkModerate -
Heap Buffer Overflow in `Track::get_next_sample_raw_data()` -- OOB Chunk Vector AccessGHSA-wqjg-4x9g-6cvg published
May 19, 2026 by farindkModerate
Learn more about advisories related to strukturag/libheif in the GitHub Advisory Database