{"id":"CVE-2019-11471","details":"libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.","modified":"2026-02-01T15:01:49.844094Z","published":"2019-04-23T14:29:00.697Z","related":["MGASA-2019-0290"],"references":[{"type":"ADVISORY","url":"https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014"},{"type":"ADVISORY","url":"https://github.com/strukturag/libheif/issues/123"},{"type":"FIX","url":"https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014"},{"type":"FIX","url":"https://github.com/strukturag/libheif/issues/123"},{"type":"EVIDENCE","url":"https://github.com/strukturag/libheif/issues/123"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strukturag/libheif","events":[{"introduced":"0"},{"fixed":"995a4283d8ed2d0d2c1ceb1a577b993df2f0e014"}]}],"versions":["v1.0.0","v1.1.0","v1.2.0","v1.3.0","v1.3.1","v1.3.2","v1.4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-11471.json","vanir_signatures":[{"deprecated":false,"target":{"file":"libheif/heif_context.cc"},"id":"CVE-2019-11471-9443186f","source":"https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014","signature_version":"v1","signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["95260294669190440127728145821624217456","303807190157222396603919287351486898039","4235846168162409445830265275337292217","130048297082083805368811421710562116177"]}},{"deprecated":false,"target":{"function":"HeifContext::interpret_heif_file","file":"libheif/heif_context.cc"},"id":"CVE-2019-11471-d7dcf1e9","source":"https://github.com/strukturag/libheif/commit/995a4283d8ed2d0d2c1ceb1a577b993df2f0e014","signature_version":"v1","signature_type":"Function","digest":{"length":7451,"function_hash":"18988048238589524481853342468677268370"}}]}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}