Dirk Farin

10 exploits Active since Jul 2021
CVE-2026-33165 MEDIUM WRITEUP
heap out-of-bounds write in libde265 1.0.16
libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a stale ctb_info.log2unitSize after an SPS change where PicWidthInCtbsY and PicHeightInCtbsY stay constant but Log2CtbSizeY changes, causing set_SliceHeaderIndex to index past the allocated image metadata array and write 2 bytes past the end of a heap allocation. This issue has been patched in version 1.0.17.
CVSS 5.5
CVE-2025-61147 MEDIUM WRITEUP
strukturag libde265 d9fea9d - Memory Corruption
strukturag libde265 commit d9fea9d was discovered to contain a segmentation fault via the component decoder_context::compute_framedrop_table().
CVSS 6.2
CVE-2020-19498 HIGH WRITEUP
Struktur Libheif - Denial of Service
Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
CVSS 8.8
CVE-2022-1253 CRITICAL WRITEUP
Struktur Libde265 < 1.0.8 - Out-of-Bounds Write
Heap-based Buffer Overflow in GitHub repository strukturag/libde265 prior to and including 1.0.8. The fix is established in commit 8e89fe0e175d2870c39486fdd09250b230ec10b8 but does not yet belong to an official release.
CVSS 9.8
CVE-2023-43887 HIGH WRITEUP
Libde265 <1.0.12 - Buffer Overflow
Libde265 v1.0.12 was discovered to contain multiple buffer overflows via the num_tile_columns and num_tile_row parameters in the function pic_parameter_set::dump.
CVSS 8.1
CVE-2023-47471 MEDIUM WRITEUP
Struktur Libde265 - Buffer Overflow
Buffer Overflow vulnerability in strukturag libde265 v1.10.12 allows a local attacker to cause a denial of service via the slice_segment_header function in the slice.cc component.
CVSS 6.5
CVE-2024-41311 HIGH WRITEUP
Struktur Libheif - Out-of-Bounds Write
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
CVSS 8.1
CVE-2025-43966 LOW WRITEUP
Struktur Libheif < 1.19.6 - NULL Pointer Dereference
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVSS 2.9
CVE-2025-43967 LOW WRITEUP
Struktur Libheif < 1.19.6 - NULL Pointer Dereference
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVSS 2.9
CVE-2025-68431 MEDIUM WRITEUP
libheif <1.21.0 - Memory Corruption
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
CVSS 6.5