Description

An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

Related CPE's

a

struktur

libheif

1.4.0

Vulnerable

References

https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd

PatchThird Party Advisory

https://github.com/strukturag/libheif/issues/138

ExploitThird Party Advisory

Weaknesses

[email protected]

Primary
CWE-125

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-07-21T18:15:09.167

3 years ago

Last modified

2021-07-30T15:12:33.450

3 years ago