High Severity Vulnerability
This vulnerability has been rated as High severity. Immediate action is recommended.
CVE-2024-25269
High
Low
Medium
High
Critical
7.5
CVSS Score
Published: Mar 05, 2024
Last Modified: Mar 24, 2025
Vulnerability Description
libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
CVSS Metrics
Common Vulnerability Scoring System
Vector String:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
N
Attack Complexity
L
Privileges Required
N
User Interaction
N
Scope
U
Confidentiality
N
Integrity
N
Availability
H
Known Affected Software
35 configuration(s) from 1 vendor(s)
libheif
Version:
1.3.2
CPE:
cpe:2.3:a:struktur:libheif:1.3.2:*:*:*:*:*:*:*
libheif
Version:
1.11.0
CPE:
cpe:2.3:a:struktur:libheif:1.11.0:*:*:*:*:*:*:*
libheif
Version:
1.14.2
CPE:
cpe:2.3:a:struktur:libheif:1.14.2:*:*:*:*:*:*:*
libheif
Version:
1.4.0
CPE:
cpe:2.3:a:struktur:libheif:1.4.0:*:*:*:*:*:*:*
libheif
Version:
1.16.1
CPE:
cpe:2.3:a:struktur:libheif:1.16.1:*:*:*:*:*:*:*
libheif
Version:
1.17.2
CPE:
cpe:2.3:a:struktur:libheif:1.17.2:*:*:*:*:*:*:*
libheif
Version:
1.9.0
CPE:
cpe:2.3:a:struktur:libheif:1.9.0:*:*:*:*:*:*:*
libheif
Version:
1.15.2
CPE:
cpe:2.3:a:struktur:libheif:1.15.2:*:*:*:*:*:*:*
libheif
Version:
1.3.1
CPE:
cpe:2.3:a:struktur:libheif:1.3.1:*:*:*:*:*:*:*
libheif
Version:
1.2.0
CPE:
cpe:2.3:a:struktur:libheif:1.2.0:*:*:*:*:*:*:*
libheif
Version:
1.6.2
CPE:
cpe:2.3:a:struktur:libheif:1.6.2:*:*:*:*:*:*:*
libheif
Version:
1.10.0
CPE:
cpe:2.3:a:struktur:libheif:1.10.0:*:*:*:*:*:*:*
libheif
Version:
1.17.3
CPE:
cpe:2.3:a:struktur:libheif:1.17.3:*:*:*:*:*:*:*
libheif
Version:
1.15.1
CPE:
cpe:2.3:a:struktur:libheif:1.15.1:*:*:*:*:*:*:*
libheif
Version:
1.14.1
CPE:
cpe:2.3:a:struktur:libheif:1.14.1:*:*:*:*:*:*:*
libheif
Version:
1.16.0
CPE:
cpe:2.3:a:struktur:libheif:1.16.0:*:*:*:*:*:*:*
libheif
Version:
1.8.0
CPE:
cpe:2.3:a:struktur:libheif:1.8.0:*:*:*:*:*:*:*
libheif
Version:
1.13.0
CPE:
cpe:2.3:a:struktur:libheif:1.13.0:*:*:*:*:*:*:*
libheif
Version:
1.6.0
CPE:
cpe:2.3:a:struktur:libheif:1.6.0:*:*:*:*:*:*:*
libheif
Version:
1.12.0
CPE:
cpe:2.3:a:struktur:libheif:1.12.0:*:*:*:*:*:*:*
libheif
Version:
1.0.0
CPE:
cpe:2.3:a:struktur:libheif:1.0.0:*:*:*:*:*:*:*
libheif
Version:
1.5.0
CPE:
cpe:2.3:a:struktur:libheif:1.5.0:*:*:*:*:*:*:*
libheif
Version:
1.17.0
CPE:
cpe:2.3:a:struktur:libheif:1.17.0:*:*:*:*:*:*:*
libheif
Version:
1.17.6
CPE:
cpe:2.3:a:struktur:libheif:1.17.6:*:*:*:*:*:*:*
libheif
Version:
1.14.0
CPE:
cpe:2.3:a:struktur:libheif:1.14.0:*:*:*:*:*:*:*
libheif
Version:
1.5.1
CPE:
cpe:2.3:a:struktur:libheif:1.5.1:*:*:*:*:*:*:*
libheif
Version:
1.3.0
CPE:
cpe:2.3:a:struktur:libheif:1.3.0:*:*:*:*:*:*:*
libheif
Version:
1.6.1
CPE:
cpe:2.3:a:struktur:libheif:1.6.1:*:*:*:*:*:*:*
libheif
Version:
1.17.5
CPE:
cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*
libheif
Version:
1.1.0
CPE:
cpe:2.3:a:struktur:libheif:1.1.0:*:*:*:*:*:*:*
libheif
Version:
1.9.1
CPE:
cpe:2.3:a:struktur:libheif:1.9.1:*:*:*:*:*:*:*
libheif
Version:
1.15.0
CPE:
cpe:2.3:a:struktur:libheif:1.15.0:*:*:*:*:*:*:*
libheif
Version:
1.17.4
CPE:
cpe:2.3:a:struktur:libheif:1.17.4:*:*:*:*:*:*:*
libheif
Version:
1.17.1
CPE:
cpe:2.3:a:struktur:libheif:1.17.1:*:*:*:*:*:*:*
libheif
Version:
1.16.2
CPE:
cpe:2.3:a:struktur:libheif:1.16.2:*:*:*:*:*:*:*
This vulnerability affects 35 software configuration(s). Ensure you patch all affected systems.
Canonical (Ubuntu)
USN-7952-1
USN-7952-1: libheif vulnerabilities
Severity
Unknown
Released
Jan 12, 2026
Security Update
Severity Details
7.5
out of 10.0
High
Key Information
- Published Date
- March 05, 2024
