lief-project CVE Vulnerabilities & Metrics

Focus on lief-project vulnerabilities and metrics.

Last updated: 21 Aug 2025, 22:25 UTC

About lief-project Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with lief-project. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total lief-project CVEs: 10
Earliest CVE date: 20 Sep 2021, 16:15 UTC
Latest CVE date: 03 May 2024, 17:15 UTC

Latest CVE reference: CVE-2024-31636

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical lief-project CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 0.68

Max CVSS: 6.8

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	9
4.0-6.9	1
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS lief-project CVEs

These are the five CVEs with the highest CVSS scores for lief-project, sorted by severity first and recency.

CVE-2021-32297 lief-project Published on 20 Sep 2021, 16:15 UTC (CVSS: 6.8)
An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.
CVE-2024-31636 lief-project Published on 03 May 2024, 17:15 UTC (CVSS: 0)
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.
CVE-2022-43171 lief-project Published on 17 Nov 2022, 23:15 UTC (CVSS: 0)
A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.
CVE-2022-40922 lief-project Published on 03 Oct 2022, 13:15 UTC (CVSS: 0)
A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.
CVE-2022-40923 lief-project Published on 30 Sep 2022, 19:15 UTC (CVSS: 0)
A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.

All CVEs for lief-project

CVE-2024-31636 lief-project vulnerability CVSS: 0 03 May 2024, 17:15 UTC

An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component.

CVE-2022-43171 lief-project vulnerability CVSS: 0 17 Nov 2022, 23:15 UTC

A heap buffer overflow in the LIEF::MachO::BinaryParser::parse_dyldinfo_generic_bind function of LIEF v0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted MachO file.

CVE-2022-40922 lief-project vulnerability CVSS: 0 03 Oct 2022, 13:15 UTC

A vulnerability in the LIEF::MachO::BinaryParser::init_and_parse function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.

CVE-2022-40923 lief-project vulnerability CVSS: 0 30 Sep 2022, 19:15 UTC

A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file.

CVE-2022-38497 lief-project vulnerability CVSS: 0 13 Sep 2022, 21:15 UTC

LIEF commit 365a16a was discovered to contain a segmentation violation via the component CoreFile.tcc:69.

CVE-2022-38496 lief-project vulnerability CVSS: 0 13 Sep 2022, 21:15 UTC

LIEF commit 365a16a was discovered to contain a reachable assertion abort via the component BinaryStream.hpp.

CVE-2022-38495 lief-project vulnerability CVSS: 0 13 Sep 2022, 21:15 UTC

LIEF commit 365a16a was discovered to contain a heap-buffer overflow via the function print_binary at /c/macho_reader.c.

CVE-2022-38307 lief-project vulnerability CVSS: 0 13 Sep 2022, 21:15 UTC

LIEF commit 5d1d643 was discovered to contain a segmentation violation via the function LIEF::MachO::SegmentCommand::file_offset() at /MachO/SegmentCommand.cpp.

CVE-2022-38306 lief-project vulnerability CVSS: 0 13 Sep 2022, 21:15 UTC

LIEF commit 5d1d643 was discovered to contain a heap-buffer overflow in the component /core/CorePrPsInfo.tcc.

CVE-2021-32297 lief-project vulnerability CVSS: 6.8 20 Sep 2021, 16:15 UTC

An issue was discovered in LIEF through 0.11.4. A heap-buffer-overflow exists in the function main located in pe_reader.c. It allows an attacker to cause code Execution.