{"id":"CVE-2020-19498","details":"Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.","modified":"2026-03-14T10:15:03.901421Z","published":"2021-07-21T18:15:09.133Z","references":[{"type":"FIX","url":"https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58"},{"type":"EVIDENCE","url":"https://github.com/strukturag/libheif/issues/139"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strukturag/libheif","events":[{"introduced":"0"},{"last_affected":"fca25874bb8021dede702bb7023a22af1a8a06ab"},{"fixed":"2710c930918609caaf0a664e9c7bc3dce05d5b58"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.4.0"}]}}],"versions":["v1.0.0","v1.1.0","v1.2.0","v1.3.0","v1.3.1","v1.3.2","v1.4.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-19498.json","vanir_signatures":[{"digest":{"threshold":0.9,"line_hashes":["147731676204354481572081716807761296933","77364423006871603135865097014949881459"]},"id":"CVE-2020-19498-0e06a858","source":"https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58","signature_type":"Line","deprecated":false,"target":{"file":"libheif/heif_limits.h"},"signature_version":"v1"},{"digest":{"length":277,"function_hash":"307425792697781340303895090367980089489"},"id":"CVE-2020-19498-442a125d","source":"https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58","signature_type":"Function","deprecated":false,"target":{"file":"libheif/box.cc","function":"gcd"},"signature_version":"v1"},{"digest":{"length":416,"function_hash":"34309995185302358440847609850551581907"},"id":"CVE-2020-19498-44eabf83","source":"https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58","signature_type":"Function","deprecated":false,"target":{"file":"libheif/box.cc","function":"Fraction::Fraction"},"signature_version":"v1"},{"digest":{"threshold":0.9,"line_hashes":["174289991246967375747520046371327395609","111489145872287977530596979928259219460","304054339016140649440792085094432672616","173391724684025248891390263453862560218","311848231624062782693932878457291591995","325448042776560416591639184439974592432","329452042709779413722893494174400048878","102652525751067957620548945159516718162","264577618361464340510664575409275156959","72232535568091744604674063881934611211","319591038302661741411339569734991551542","322210803745107444957324676128330990564","314498760441025998176084548309037472652","134834596149920996442843100337170125460","48415056289358879248000556526355377453","274326433738329996024662450983298537614","56451859347439688532124717040971852695","234069811981348545847737835386631666955","138556828025878628085655535894342730749","147781027242281381002661021720838884703","185948273879724541204857361409375031781","266525408217744466211788349308680964117","298101149826922467520863710733237268903","283540910113587762663556023797486954970","235175153560213853362309518880050412533","259297907606000672106840750699451926283","326633517225380638043625758770635647346","246158531361235038254832963096817241957","259964101900535481517711827618178748700","257786450703292688662862486076242412332","266268768642903653727189548898322070167","333014738404185582512521919861044770549"]},"id":"CVE-2020-19498-9e4a2235","source":"https://github.com/strukturag/libheif/commit/2710c930918609caaf0a664e9c7bc3dce05d5b58","signature_type":"Line","deprecated":false,"target":{"file":"libheif/box.cc"},"signature_version":"v1"}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}