{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","type":"deb","namespace":"debian","name":"libheif","version":"1.19.8-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.21.2-1","latest_non_vulnerable_version":"1.21.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76272?format=json","vulnerability_id":"VCID-17ft-2q9q-juby","summary":"libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68431","reference_id":"","reference_type":"","scores":[{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13367","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13331","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00043","scoring_system":"epss","scoring_elements":"0.13372","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16032","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.16009","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-68431"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68431","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68431"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124317","reference_id":"1124317","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1124317"},{"reference_url":"https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46","reference_id":"b8c12a7b70f46c9516711a988483bed377b78d46","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T21:54:12Z/"}],"url":"https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46"},{"reference_url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq","reference_id":"GHSA-j87x-4gmq-cqfq","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T21:54:12Z/"}],"url":"https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq"},{"reference_url":"https://usn.ubuntu.com/7952-1/","reference_id":"USN-7952-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7952-1/"},{"reference_url":"https://github.com/strukturag/libheif/releases/tag/v1.21.0","reference_id":"v1.21.0","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-30T21:54:12Z/"}],"url":"https://github.com/strukturag/libheif/releases/tag/v1.21.0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102012?format=json","purl":"pkg:deb/debian/libheif@1.21.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2025-68431"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-17ft-2q9q-juby"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76260?format=json","vulnerability_id":"VCID-2v89-adg3-ebg1","summary":"Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19498","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5928","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59283","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59256","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59273","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19498"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19498","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19498"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101987?format=json","purl":"pkg:deb/debian/libheif@1.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2020-19498"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2v89-adg3-ebg1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76262?format=json","vulnerability_id":"VCID-3ah8-3x9t-87fp","summary":"There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0996","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39899","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39982","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39984","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39957","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3993","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39947","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032101","reference_id":"1032101","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1032101"},{"reference_url":"https://github.com/strukturag/libheif/pull/759","reference_id":"759","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-11T20:46:37Z/"}],"url":"https://github.com/strukturag/libheif/pull/759"},{"reference_url":"https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html","reference_id":"CVE-2023-0996.html","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-03-11T20:46:37Z/"}],"url":"https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101993?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101992?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-0996"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ah8-3x9t-87fp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76263?format=json","vulnerability_id":"VCID-5f4s-9v4v-5ya4","summary":"A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29659","reference_id":"","reference_type":"","scores":[{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32966","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32954","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.32934","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.3299","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00134","scoring_system":"epss","scoring_elements":"0.33004","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-29659"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29659","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29659"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991"},{"reference_url":"https://github.com/strukturag/libheif/issues/794","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T19:08:46Z/"}],"url":"https://github.com/strukturag/libheif/issues/794"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29659","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29659"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035607","reference_id":"1035607","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1035607"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/","reference_id":"CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T19:08:46Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/","reference_id":"LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-29T19:08:46Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101993?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101996?format=json","purl":"pkg:deb/debian/libheif@1.16.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.16.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-29659","GHSA-22fx-6r9m-r8h9"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5f4s-9v4v-5ya4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76266?format=json","vulnerability_id":"VCID-84z5-kbwp-uqb3","summary":"libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49463","reference_id":"","reference_type":"","scores":[{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40877","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40882","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40851","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.4082","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00191","scoring_system":"epss","scoring_elements":"0.40831","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49463"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49463","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49463"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151","reference_id":"1059151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101999?format=json","purl":"pkg:deb/debian/libheif@1.17.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.17.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-49463"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-84z5-kbwp-uqb3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76270?format=json","vulnerability_id":"VCID-gzr3-wtqn-m3ef","summary":"libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43966","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34401","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34445","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34461","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34425","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34382","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43966"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c","reference_id":"b38555387e4b5dcf036fe45b0c440aca19b7b69c","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:11:29Z/"}],"url":"https://github.com/strukturag/libheif/commit/b38555387e4b5dcf036fe45b0c440aca19b7b69c"},{"reference_url":"https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6","reference_id":"v1.19.5...v1.19.6","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:11:29Z/"}],"url":"https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102009?format=json","purl":"pkg:deb/debian/libheif@1.19.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2025-43966"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gzr3-wtqn-m3ef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76271?format=json","vulnerability_id":"VCID-jedx-5v2m-vygg","summary":"libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43967","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27323","published_at":"2026-06-05T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27193","published_at":"2026-06-09T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27183","published_at":"2026-06-08T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27231","published_at":"2026-06-07T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27272","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-43967"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/issues/1455","reference_id":"1455","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:10:20Z/"}],"url":"https://github.com/strukturag/libheif/issues/1455"},{"reference_url":"https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671","reference_id":"6e35af7b0ff9fb6cc952a1539590d160db32f671","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:10:20Z/"}],"url":"https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671"},{"reference_url":"https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6","reference_id":"v1.19.5...v1.19.6","reference_type":"","scores":[{"value":"2.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T02:10:20Z/"}],"url":"https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102009?format=json","purl":"pkg:deb/debian/libheif@1.19.7-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.7-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2025-43967"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jedx-5v2m-vygg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76259?format=json","vulnerability_id":"VCID-mka1-4my3-r7ej","summary":"libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11471","reference_id":"","reference_type":"","scores":[{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50804","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50864","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50869","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50848","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50817","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00272","scoring_system":"epss","scoring_elements":"0.50834","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11471"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11471","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11471"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928210","reference_id":"928210","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928210"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101982?format=json","purl":"pkg:deb/debian/libheif@1.3.2-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.3.2-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2019-11471"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mka1-4my3-r7ej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/65090?format=json","vulnerability_id":"VCID-pcmd-srrp-wygh","summary":"libheif: libheif: Denial of Service via out-of-bounds read in Track::load function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3950.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3950","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05458","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05446","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05403","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05441","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05443","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-3950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130640","reference_id":"1130640","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130640"},{"reference_url":"https://github.com/strukturag/libheif/issues/1715","reference_id":"1715","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://github.com/strukturag/libheif/issues/1715"},{"reference_url":"https://github.com/strukturag/libheif/pull/1721","reference_id":"1721","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://github.com/strukturag/libheif/pull/1721"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446751","reference_id":"2446751","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446751"},{"reference_url":"https://vuldb.com/?ctiid.350382","reference_id":"?ctiid.350382","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://vuldb.com/?ctiid.350382"},{"reference_url":"https://github.com/Niebelungen-D/pocs/tree/main/heif_dec_sequence_chunk_idx_oob","reference_id":"heif_dec_sequence_chunk_idx_oob","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://github.com/Niebelungen-D/pocs/tree/main/heif_dec_sequence_chunk_idx_oob"},{"reference_url":"https://vuldb.com/?id.350382","reference_id":"?id.350382","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://vuldb.com/?id.350382"},{"reference_url":"https://github.com/strukturag/libheif/","reference_id":"libheif","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://github.com/strukturag/libheif/"},{"reference_url":"https://vuldb.com/?submit.766431","reference_id":"?submit.766431","reference_type":"","scores":[{"value":"1.7","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:OF/RC:C"},{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C"},{"value":"4.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T20:24:45Z/"}],"url":"https://vuldb.com/?submit.766431"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"}],"aliases":["CVE-2026-3950"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pcmd-srrp-wygh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76261?format=json","vulnerability_id":"VCID-py92-4gr8-eybn","summary":"An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19499","reference_id":"","reference_type":"","scores":[{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5923","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.5928","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59283","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59274","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59256","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00371","scoring_system":"epss","scoring_elements":"0.59273","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-19499"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19499","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19499"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101987?format=json","purl":"pkg:deb/debian/libheif@1.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2020-19499"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-py92-4gr8-eybn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76267?format=json","vulnerability_id":"VCID-rhqp-tbzz-dfbu","summary":"libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49464","reference_id":"","reference_type":"","scores":[{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28612","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28571","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28533","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.285","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00107","scoring_system":"epss","scoring_elements":"0.28504","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49464"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151","reference_id":"1059151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101999?format=json","purl":"pkg:deb/debian/libheif@1.17.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.17.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-49464"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rhqp-tbzz-dfbu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76265?format=json","vulnerability_id":"VCID-sdn5-npga-7kcp","summary":"libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49462","reference_id":"","reference_type":"","scores":[{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31821","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31751","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31774","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31852","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00128","scoring_system":"epss","scoring_elements":"0.31783","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49462"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/issues/1043","reference_id":"1043","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-26T15:23:06Z/"}],"url":"https://github.com/strukturag/libheif/issues/1043"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151","reference_id":"1059151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101999?format=json","purl":"pkg:deb/debian/libheif@1.17.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.17.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-49462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdn5-npga-7kcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76264?format=json","vulnerability_id":"VCID-sgs9-hymu-3bct","summary":"libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49460","reference_id":"","reference_type":"","scores":[{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34744","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34792","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34756","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34722","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00146","scoring_system":"epss","scoring_elements":"0.34776","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-49460"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/issues/1046","reference_id":"1046","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-09T13:57:39Z/"}],"url":"https://github.com/strukturag/libheif/issues/1046"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151","reference_id":"1059151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059151"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101997?format=json","purl":"pkg:deb/debian/libheif@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101999?format=json","purl":"pkg:deb/debian/libheif@1.17.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.17.6-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2023-49460"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sgs9-hymu-3bct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3348?format=json","vulnerability_id":"VCID-sjt1-d5ek-8kh8","summary":"information disclosure","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23109","reference_id":"","reference_type":"","scores":[{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47931","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47899","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47948","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47919","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47962","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00244","scoring_system":"epss","scoring_elements":"0.47966","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-23109"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23109","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23109"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014125","reference_id":"1014125","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014125"},{"reference_url":"https://security.archlinux.org/AVG-2520","reference_id":"AVG-2520","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2520"},{"reference_url":"https://usn.ubuntu.com/6847-1/","reference_id":"USN-6847-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6847-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101990?format=json","purl":"pkg:deb/debian/libheif@1.8.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.8.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2020-23109"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjt1-d5ek-8kh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76269?format=json","vulnerability_id":"VCID-v9re-bwjv-47fv","summary":"In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41311","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41705","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41656","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41648","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41682","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41712","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-41311"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41311","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41311"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/issues/1226","reference_id":"1226","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T18:36:12Z/"}],"url":"https://github.com/strukturag/libheif/issues/1226"},{"reference_url":"https://github.com/strukturag/libheif/pull/1227","reference_id":"1227","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T18:36:12Z/"}],"url":"https://github.com/strukturag/libheif/pull/1227"},{"reference_url":"https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0","reference_id":"79f1b224069842ee320115cafa5c35c0","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T18:36:12Z/"}],"url":"https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0"},{"reference_url":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36","reference_id":"a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-16T18:36:12Z/"}],"url":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"reference_url":"https://usn.ubuntu.com/7082-1/","reference_id":"USN-7082-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7082-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/101983?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102006?format=json","purl":"pkg:deb/debian/libheif@1.11.0-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.11.0-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101981?format=json","purl":"pkg:deb/debian/libheif@1.15.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"},{"vulnerability":"VCID-84z5-kbwp-uqb3"},{"vulnerability":"VCID-ykb5-gkn7-cqbd"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.15.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/102007?format=json","purl":"pkg:deb/debian/libheif@1.18.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.18.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2024-41311"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9re-bwjv-47fv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/76268?format=json","vulnerability_id":"VCID-ykb5-gkn7-cqbd","summary":"libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25269","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22058","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22152","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22104","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22048","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22165","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-25269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-25269"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/strukturag/libheif/issues/1073","reference_id":"1073","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-03-06T17:02:01Z/"}],"url":"https://github.com/strukturag/libheif/issues/1073"},{"reference_url":"https://usn.ubuntu.com/7952-1/","reference_id":"USN-7952-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7952-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/102004?format=json","purl":"pkg:deb/debian/libheif@1.17.6-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.17.6-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101986?format=json","purl":"pkg:deb/debian/libheif@1.19.8-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-17ft-2q9q-juby"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/101985?format=json","purl":"pkg:deb/debian/libheif@1.21.2-4?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-pcmd-srrp-wygh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.21.2-4%3Fdistro=trixie"}],"aliases":["CVE-2024-25269"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykb5-gkn7-cqbd"}],"risk_score":"3.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libheif@1.19.8-1%3Fdistro=trixie"}