DNA View

CVE-2025-43967

Low

Low Medium High Critical

2.9

CVSS Score

Published: Apr 21, 2025

Last Modified: May 08, 2025

CWE: CWE-476

Vulnerability Description

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Known Affected Software

44 configuration(s) from 1 vendor(s)

libheif

Version:

1.3.2

CPE:

cpe:2.3:a:struktur:libheif:1.3.2:*:*:*:*:*:*:*

libheif

Version:

1.11.0

CPE:

cpe:2.3:a:struktur:libheif:1.11.0:*:*:*:*:*:*:*

libheif

Version:

1.14.2

CPE:

cpe:2.3:a:struktur:libheif:1.14.2:*:*:*:*:*:*:*

libheif

Version:

1.4.0

CPE:

cpe:2.3:a:struktur:libheif:1.4.0:*:*:*:*:*:*:*

libheif

Version:

1.16.1

CPE:

cpe:2.3:a:struktur:libheif:1.16.1:*:*:*:*:*:*:*

libheif

Version:

1.19.5

CPE:

cpe:2.3:a:struktur:libheif:1.19.5:*:*:*:*:*:*:*

libheif

Version:

1.17.2

CPE:

cpe:2.3:a:struktur:libheif:1.17.2:*:*:*:*:*:*:*

libheif

Version:

1.9.0

CPE:

cpe:2.3:a:struktur:libheif:1.9.0:*:*:*:*:*:*:*

libheif

Version:

1.15.2

CPE:

cpe:2.3:a:struktur:libheif:1.15.2:*:*:*:*:*:*:*

libheif

Version:

1.3.1

CPE:

cpe:2.3:a:struktur:libheif:1.3.1:*:*:*:*:*:*:*

libheif

Version:

1.2.0

CPE:

cpe:2.3:a:struktur:libheif:1.2.0:*:*:*:*:*:*:*

libheif

Version:

1.6.2

CPE:

cpe:2.3:a:struktur:libheif:1.6.2:*:*:*:*:*:*:*

libheif

Version:

1.10.0

CPE:

cpe:2.3:a:struktur:libheif:1.10.0:*:*:*:*:*:*:*

libheif

Version:

1.17.3

CPE:

cpe:2.3:a:struktur:libheif:1.17.3:*:*:*:*:*:*:*

libheif

Version:

1.19.0

CPE:

cpe:2.3:a:struktur:libheif:1.19.0:*:*:*:*:*:*:*

libheif

Version:

1.18.1

CPE:

cpe:2.3:a:struktur:libheif:1.18.1:*:*:*:*:*:*:*

libheif

Version:

1.15.1

CPE:

cpe:2.3:a:struktur:libheif:1.15.1:*:*:*:*:*:*:*

libheif

Version:

1.14.1

CPE:

cpe:2.3:a:struktur:libheif:1.14.1:*:*:*:*:*:*:*

libheif

Version:

1.16.0

CPE:

cpe:2.3:a:struktur:libheif:1.16.0:*:*:*:*:*:*:*

libheif

Version:

1.8.0

CPE:

cpe:2.3:a:struktur:libheif:1.8.0:*:*:*:*:*:*:*

libheif

Version:

1.13.0

CPE:

cpe:2.3:a:struktur:libheif:1.13.0:*:*:*:*:*:*:*

libheif

Version:

1.18.2

CPE:

cpe:2.3:a:struktur:libheif:1.18.2:*:*:*:*:*:*:*

libheif

Version:

1.19.3

CPE:

cpe:2.3:a:struktur:libheif:1.19.3:*:*:*:*:*:*:*

libheif

Version:

1.6.0

CPE:

cpe:2.3:a:struktur:libheif:1.6.0:*:*:*:*:*:*:*

libheif

Version:

1.12.0

CPE:

cpe:2.3:a:struktur:libheif:1.12.0:*:*:*:*:*:*:*

libheif

Version:

1.0.0

CPE:

cpe:2.3:a:struktur:libheif:1.0.0:*:*:*:*:*:*:*

libheif

Version:

1.5.0

CPE:

cpe:2.3:a:struktur:libheif:1.5.0:*:*:*:*:*:*:*

libheif

Version:

1.17.0

CPE:

cpe:2.3:a:struktur:libheif:1.17.0:*:*:*:*:*:*:*

libheif

Version:

1.19.2

CPE:

cpe:2.3:a:struktur:libheif:1.19.2:*:*:*:*:*:*:*

libheif

Version:

1.18.0

CPE:

cpe:2.3:a:struktur:libheif:1.18.0:-:*:*:*:*:*:*

libheif

Version:

1.17.6

CPE:

cpe:2.3:a:struktur:libheif:1.17.6:*:*:*:*:*:*:*

libheif

Version:

1.14.0

CPE:

cpe:2.3:a:struktur:libheif:1.14.0:*:*:*:*:*:*:*

libheif

Version:

1.5.1

CPE:

cpe:2.3:a:struktur:libheif:1.5.1:*:*:*:*:*:*:*

libheif

Version:

1.3.0

CPE:

cpe:2.3:a:struktur:libheif:1.3.0:*:*:*:*:*:*:*

libheif

Version:

1.6.1

CPE:

cpe:2.3:a:struktur:libheif:1.6.1:*:*:*:*:*:*:*

libheif

Version:

1.17.5

CPE:

cpe:2.3:a:struktur:libheif:1.17.5:*:*:*:*:*:*:*

libheif

Version:

1.1.0

CPE:

cpe:2.3:a:struktur:libheif:1.1.0:*:*:*:*:*:*:*

libheif

Version:

1.19.4

CPE:

cpe:2.3:a:struktur:libheif:1.19.4:*:*:*:*:*:*:*

libheif

Version:

1.9.1

CPE:

cpe:2.3:a:struktur:libheif:1.9.1:*:*:*:*:*:*:*

libheif

Version:

1.15.0

CPE:

cpe:2.3:a:struktur:libheif:1.15.0:*:*:*:*:*:*:*

libheif

Version:

1.17.4

CPE:

cpe:2.3:a:struktur:libheif:1.17.4:*:*:*:*:*:*:*

libheif

Version:

1.17.1

CPE:

cpe:2.3:a:struktur:libheif:1.17.1:*:*:*:*:*:*:*

libheif

Version:

1.16.2

CPE:

cpe:2.3:a:struktur:libheif:1.16.2:*:*:*:*:*:*:*

libheif

Version:

1.19.1

CPE:

cpe:2.3:a:struktur:libheif:1.19.1:*:*:*:*:*:*:*

This vulnerability affects 44 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

3 patches available from vendors

View All Patches

Oracle

CPUAPR2026

Oracle Critical Patch Update Advisory - April 2026

Severity

Critical

Released

Apr 21, 2026

Restart Required

Security Update

View Details Vendor Page

Oracle

CPUJAN2026

Oracle Critical Patch Update Advisory - January 2026

Severity

Critical

Released

Jan 20, 2026

Restart Required

Security Update

View Details Vendor Page

SUSE

CVE-2025-43967

Severity

Unknown

Released

Apr 23, 2025

Security Update

View Details Vendor Page

Browse All Security Patches

References & Resources

Severity Details

2.9

out of 10.0

Low

Weakness Type (CWE)

CWE-476 Top 25 #21

NULL Pointer Dereference

Description: The product dereferences a pointer that it expects to be valid but is NULL.
Exploit Likelihood: Medium
Typical Severity: High
Abstraction Level: Base