CVE-2024-25269Uncontrolled Resource Consumption in Libheif

CWE-400Uncontrolled Resource Consumption8 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 78.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Struktur LibheifDebian Libheif
Timeline
PublishedMar 5
Latest updateJan 12

Description

libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

debiandebian/libheif< libheif 1.17.6-2 (forky)
Debianstruktur/libheif< 1.17.6-2+1
Ubuntustruktur/libheif< 1.17.6-1ubuntu4.2+4
NVDstruktur/libheif1.17.6

🔴Vulnerability Details

4
OSV
libheif vulnerabilities2026-01-12
OSV
CVE-2024-25269: libheif <= 12024-03-05
CVEList
CVE-2024-25269: libheif <= 12024-03-05
GHSA
GHSA-cqh8-r8g2-2v3r: libheif <= 12024-03-05

📋Vendor Advisories

3
Ubuntu
libheif vulnerabilities2026-01-12
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: DC-Specific Component (libheif) — CVE-2024-252692024-10-15
Debian
CVE-2024-25269: libheif - libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. Th...2024