CVE-2019-11471

HIGH8.8EPSS 0.27%

Published: 4/23/2019Modified: 4/28/2026

Description

libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.

Affected packages (2)

Alpine/libheiffrom 0, < 1.5.0-r0
Debian/libheiffrom 0, < 1.3.2-2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH8.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (2)

ADVISORYhttps://security.alpinelinux.org/vuln/CVE-2019-11471
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2019-11471