CVE-2024-25269

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.17.7

Description The issue is related to a memory leak in the JpegEncoder::Encode function, which can be exploited by an attacker to cause a denial of service attack. This flaw allows a remote attacker to disrupt service.

Recommendations For versions prior to 1.17.7, update to version 1.17.7 or later to resolve the issue. As a temporary workaround, consider disabling the JpegEncoder::Encode function until a patch is available.

Exploit

Fix

DoS

Resource Exhaustion

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-401

Related Identifiers

ALT-PU-2024-17820

ALT-PU-2025-2122

ALT-PU-2025-2126

BDU:2024-03241

CVE-2024-25269

ECHO-9B73-8B89-16B1

USN-7952-1

Affected Products

Alt Linux

Debian

Linuxmint

Red Os

Ubuntu

Libheif

CVE-2024-25269

Weakness Enumeration

Related Identifiers

Affected Products

References · 18