CVE-2025-29482

Name of the Vulnerable Software and Affected Versions libheif version 1.19.7

Description The issue allows a local attacker to execute arbitrary code via the SAO (Sample Adaptive Offset) processing of libde265. This is a Buffer Overflow vulnerability.

Recommendations For libheif version 1.19.7, consider restricting access to the SAO processing of libde265 until a patch is available. As a temporary workaround, disabling the vulnerable component related to SAO processing may help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.