CVE-2021-32289

EUVD-2021-19144
An issue was discovered in heif through through v3.6.2. A NULL pointer dereference exists in the function convertByteStreamToRBSP() located in nalutil.cpp. It allows an attacker to cause Denial of Service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.5 MEDIUM
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Affected Products (NVD)
VendorProductVersion
nokiaheif
𝑥
≤ 3.6.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nokiatech/heif/issues/85
https://github.com/nokiatech/heif/issues/85