Aggregates CVE and security vulnerability intelligence across all lief-project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk buffer overflow and vendor risk input validation and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-15504 | A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer dereference. The attack must be initiated from a local position. The exploit has been released to the public and may be used for attacks. Upgrading to version 0.17.2 can resolve this issue. The patch is identified as 81bd5d7ea0c390563f1c4c017c9019d154802978. It | [email protected] | 1.9 | 0.01% | 2026-01-10 | 2026-04-29 |
| CVE-2024-31636 | An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. | [email protected] | 3.9 | 0.08% | 2024-05-03 | 2025-08-21 |
| CVE-2022-43171 | A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file. | [email protected] | 6.5 | 0.45% | 2022-11-17 | 2025-04-29 |
| CVE-2022-40922 | A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | [email protected] | 6.5 | 0.23% | 2022-10-03 | 2024-11-21 |
| CVE-2022-40923 | A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | [email protected] | 6.5 | 0.26% | 2022-09-30 | 2025-05-20 |
| CVE-2022-38497 | LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69. | [email protected] | 5.5 | 0.02% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38496 | LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp. | [email protected] | 5.5 | 0.05% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38495 | LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c. | [email protected] | 7.8 | 0.05% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38307 | LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp. | [email protected] | 5.5 | 0.02% | 2022-09-13 | 2024-11-21 |
| CVE-2022-38306 | LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc. | [email protected] | 7.8 | 0.13% | 2022-09-13 | 2024-11-21 |
| CVE-2021-32297 | An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution. | [email protected] | 8.8 | 0.55% | 2021-09-20 | 2024-11-21 |