lief
PyPI11 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting liefpage 1 of 1
- CVE-2021-32297HIGHCVSS 8.8EG 8.8✓ Fixed in 0.11.52021-09-20
vulnerable: 0.10.0 ... 0.9.0 (12 versions)
An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.
- CVE-2022-38306HIGHCVSS 7.8EG 5.5✓ Fixed in 0.12.12022-09-13
vulnerable: 0.10.0 ... 0.9.0 (14 versions)
LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.
- CVE-2022-38307MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.12.12022-09-13
vulnerable: 0.10.0 ... 0.9.0 (14 versions)
LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.
- CVE-2022-38495HIGHCVSS 7.8EG 7.8✓ Fixed in 0.12.12022-09-13
vulnerable: 0.10.0 ... 0.9.0 (14 versions)
LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.
- CVE-2022-38496MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.12.22022-09-13
vulnerable: 0.10.0 ... 0.9.0 (15 versions)
LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.
- CVE-2022-38497MEDIUMCVSS 5.5EG 5.5✓ Fixed in 0.12.12022-09-13
vulnerable: 0.10.0 ... 0.9.0 (14 versions)
LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.
- CVE-2022-40922MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.12.22022-10-03
vulnerable: 0.10.0 ... 0.9.0 (15 versions)
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
- CVE-2022-40923MEDIUMCVSS 6.5EG 6.52022-09-30
vulnerable: 0.10.0 ... 0.9.0 (15 versions)
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
- CVE-2022-43171MEDIUMCVSS 6.5EG 6.5✓ Fixed in 0.12.32022-11-17
vulnerable: 0.10.0 ... 0.9.0 (16 versions)
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
- CVE-2024-31636LOWCVSS 3.9EG 3.92024-05-03
vulnerable: 0.10.0 ... 0.9.0 (22 versions)
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
- CVE-2025-15504LOWCVSS 3.3EG 3.3✓ Fixed in 0.17.22026-01-10
vulnerable: 0.10.0 ... 0.9.0 (34 versions)
A security flaw has been discovered in lief-project LIEF up to 0.17.1. Affected by this issue is the function Parser::parse_binary of the file src/ELF/Parser.tcc of the component ELF Binary Parser. The manipulation results in null pointer …
Check whether lief is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for lief CVEs against the assets you own.
Start Free Scan →