CVE-2024-41311

8.1 HIGH

📋 TL;DR

CVE-2024-41311 is an out-of-bounds read/write vulnerability in Libheif's ImageOverlay::parse() function when processing malicious HEIF files with forged offsets. This allows attackers to potentially execute arbitrary code or cause denial of service. Anyone using Libheif to process HEIF images is affected.

💻 Affected Systems

Products:
  • Libheif
  • Applications using Libheif library
Versions: Libheif <= 1.17.6
Operating Systems: Linux, Windows, macOS, BSD
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses Libheif to decode HEIF files is vulnerable

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise

🟠 Likely Case: Application crash (denial of service) or information disclosure

🟢 If Mitigated: Application crash with limited impact if sandboxed

🌐 Internet-Facing: MEDIUM - Requires processing malicious HEIF files, which could be uploaded to web services
🏢 Internal Only: LOW - Requires user interaction to open malicious files

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof of concept is available in a GitHub gist. Exploitation requires a user to process a malicious HEIF file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Libheif 1.17.7 and later

Vendor Advisory: https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36

Restart Required: No

Instructions:

1. Update Libheif to version 1.17.7 or later.
2. Recompile any applications using Libheif.
3. Restart affected services if they were running with the vulnerable version.

🔧 Temporary Workarounds

Disable HEIF processing

all

Temporarily disable HEIF file processing in applications

Input validation

all

Implement strict file type validation before processing

🧯 If You Can't Patch

  • Implement strict file upload restrictions for HEIF files
  • Run applications in sandboxed/containerized environments
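
An added example (not from the advisory or the libheif project) of the file type validation and upload restriction named above: it classifies an upload by its ISO BMFF `ftyp` box instead of its extension, and treats a box whose declared size does not fit the bytes read as malformed. The brand list, function names and sample bytes are assumptions constructed for illustration.

```python
import struct

# HEIF-family brands (ISO/IEC 23008-12); the AVIF brands are included on the
# assumption that the same libheif build also decodes AVIF.
HEIF_BRANDS = {b"heic", b"heix", b"hevc", b"hevx", b"heim", b"heis",
               b"hevm", b"hevs", b"mif1", b"msf1", b"avif", b"avis"}

def classify(data: bytes) -> str:
    """Classify a file's leading bytes as 'heif', 'malformed' or 'other'."""
    if len(data) < 8:
        return "other"
    size, box_type = struct.unpack(">I4s", data[:8])
    if box_type != b"ftyp":
        return "other"              # no leading ISO BMFF file-type box
    header = 8
    if size == 1:                   # 64-bit largesize follows the box type
        if len(data) < 16:
            return "malformed"
        size = struct.unpack(">Q", data[8:16])[0]
        header = 16
    elif size == 0:                 # box runs to the end of the file
        size = len(data)
    # The box must hold major_brand + minor_version and fit in the bytes read.
    if size < header + 8 or size > len(data):
        return "malformed"
    body = data[header:size]
    brands = {body[0:4]}            # major_brand
    brands.update(body[i:i + 4] for i in range(8, len(body) - 3, 4))
    return "heif" if brands & HEIF_BRANDS else "other"

def should_block(data: bytes) -> bool:
    """Policy for an unpatched host: reject HEIF and unparseable ftyp boxes."""
    return classify(data) in ("heif", "malformed")

def make_ftyp(major: bytes, compatible: list, size=None) -> bytes:
    """Build a constructed ftyp box for the samples below."""
    body = major + b"\x00" * 4 + b"".join(compatible)
    declared = len(body) + 8 if size is None else size
    return struct.pack(">I4s", declared, b"ftyp") + body

# Constructed sample inputs (not real files).
SAMPLES = {
    "heic": make_ftyp(b"heic", [b"mif1", b"heic"]),
    "heif_as_compatible_brand": make_ftyp(b"isom", [b"heic"]),
    "mp4": make_ftyp(b"isom", [b"isom", b"mp41"]),
    "jpeg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "forged_size": make_ftyp(b"heic", [b"mif1"], size=0x1000),
}
```

Pass `classify` at least the first few kilobytes of the upload so a legitimate `ftyp` box fits entirely in the buffer.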

🔍 How to Verify

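Check if Vulnerable:

Check the installed Libheif version with: pkg-config --modversion libheif (needs the Libheif development files) or dpkg -l | grep libheif

Check Version:

pkg-config --modversion libheif

Verify Fix Applied:

Verify version is 1.17.7 or higher: [ "$(printf '%s\n' 1.17.7 "$(pkg-config --modversion libheif)" | sort -V | head -n1)" = "1.17.7" ]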

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing HEIF files
  • Memory access violation errors

Network Indicators:

  • Unusual HEIF file uploads to web services

SIEM Query:

source="application.log" AND ("segmentation fault" OR "access violation") AND "heif"
