lief-project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に バッファオーバーフロー and vendor risk input validation などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-15504 | A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It | [email protected] | 1.9 | 0.01% | 2026-01-10 | 2026-04-29 |
| CVE-2024-31636 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | [email protected] | 3.9 | 0.08% | 2024-05-03 | 2025-08-21 |
| CVE-2022-43171 | A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | [email protected] | 6.5 | 0.45% | 2022-11-17 | 2025-04-29 |
| CVE-2022-40922 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | [email protected] | 6.5 | 0.23% | 2022-10-03 | 2024-11-21 |
| CVE-2022-40923 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | [email protected] | 6.5 | 0.26% | 2022-09-30 | 2025-05-20 |
| CVE-2022-38497 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | [email protected] | 5.5 | 0.02% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38496 | LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | [email protected] | 5.5 | 0.05% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38495 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | [email protected] | 7.8 | 0.05% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38307 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | [email protected] | 5.5 | 0.02% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38306 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | [email protected] | 7.8 | 0.13% | 2022-09-13 | 2024-11-21 |
| CVE-2021-32297 | An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. | [email protected] | 8.8 | 0.55% | 2021-09-20 | 2024-11-21 |