CVE-2025-43967

Name

CVE-2025-43967

Description

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
	https://github.com/strukturag/libheif/compare/v1.19.5...v1.19.6
	https://github.com/strukturag/libheif/issues/1455
	https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671

CPE URI	Source package	Min version	Max version
	libheif	>= 0	< 1.19.6
`cpe:2.3:a:struktur:libheif::::::::`	libheif	>= None	< 1.19.6

Source package	Branch	Version	Maintainer	Status
libheif	edge-community	1.19.5-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	3.22-community	1.19.5-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

References

Match rules

Vulnerable and fixed packages