CVE-2020-19499
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2020-19499
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19499.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-19499
- Downstream
- Published
- 2021-07-21T18:15:09.167Z
- Modified
- 2025-11-20T11:20:03.070641Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in heif::Boxiref::getreferences in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.
- References
Affected packages
Git / github.com/strukturag/libheif
Affected ranges
- Type
- GIT
- Repo
- https://github.com/strukturag/libheif
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"digest": {
"length": 551.0,
"function_hash": "298365236335932029718948655364595063960"
},
"id": "CVE-2020-19499-3ed6b852",
"source": "https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd",
"signature_type": "Function",
"target": {
"file": "libheif/heif_context.cc",
"function": "HeifContext::get_id_of_non_virtual_child_image"
},
"signature_version": "v1",
"deprecated": false
},
{
"digest": {
"threshold": 0.9,
"line_hashes": [
"95267164885634210382392158749447266934",
"83457711232404756495386676341864987400",
"111503610894445712197809965462065388581",
"77959063699929980087287118117281578552"
]
},
"id": "CVE-2020-19499-7b3219ee",
"source": "https://github.com/strukturag/libheif/commit/f7399b62d7fbc596f1b2871578c1d2053bedf1dd",
"signature_type": "Line",
"target": {
"file": "libheif/heif_context.cc"
},
"signature_version": "v1",
"deprecated": false
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19499.json"