CVE-2025-29482

6.2 MEDIUM

📋 TL;DR

A buffer overflow vulnerability in libheif 1.19.7 allows local attackers to execute arbitrary code through SAO processing in libde265. This affects systems using libheif for HEIF/HEIC image processing. Attackers need local access to exploit this vulnerability.

💻 Affected Systems

Products:
  • libheif
  • Applications using libheif for HEIF/HEIC processing
Versions: libheif 1.19.7 (specific version affected)
Operating Systems: Linux, macOS, Windows, Any OS with libheif
Default Config Vulnerable: ⚠️ Yes
Notes: Any application that uses libheif to process HEIF/HEIC files is potentially vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation leading to full system compromise with attacker-controlled code execution.

🟠 Likely Case

Local user gains elevated privileges or crashes the application processing malicious HEIF/HEIC files.

🟢 If Mitigated

Application crash without code execution if exploit fails or mitigations are in place.

🌐 Internet-Facing: LOW - Requires local access, not directly exploitable over network.
🏢 Internal Only: MEDIUM - Local attackers could exploit this for privilege escalation on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploit requires local access and ability to trigger HEIF/HEIC file processing. Proof-of-concept available in GitHub repository.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: libheif 1.19.8 or later

Vendor Advisory: https://github.com/strukturag/libheif/security/advisories

Restart Required: Yes

Instructions:

1. Check current libheif version.
2. Update to libheif 1.19.8 or later using package manager.
3. Restart applications using libheif.
4. Rebuild any statically linked applications.

🔧 Temporary Workarounds

Disable HEIF/HEIC processing (platform: all)

Prevent applications from processing HEIF/HEIC files using libheif

# Configure applications to reject HEIF/HEIC files
# Remove or disable libheif plugins

Sandbox image processing (platform: linux)

Run applications that process HEIF/HEIC files in restricted environments

# Use containerization (Docker with limited capabilities)
# Implement AppArmor/SELinux policies

🧯 If You Can't Patch

  • Restrict local user access to systems with vulnerable libheif installations
  • Implement strict file upload controls to prevent malicious HEIF/HEIC files from being processed

🔍 How to Verify

Check if Vulnerable:

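Check libheif version: 'pkg-config --modversion libheif' or 'dpkg -l | grep libheif' or 'rpm -qa | grep libheif'. libheif is a library and installs no 'libheif' executable; where its example tools are packaged, 'heif-info --version' also reports the version.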

Check Version:

pkg-config --modversion libheif 2>/dev/null || heif-info --version 2>/dev/null || echo "Check package manager"

Verify Fix Applied:

Verify version is 1.19.8 or later and test with known malicious HEIF/HEIC files
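
The version check above, written out as a script. This is an added example, not part of the original advisory or of libheif; the function names are hypothetical. It assumes package version strings start with the upstream version, and because a distribution may backport the fix without changing that number, an "affected" result for a distro package should be confirmed against the distribution's security tracker.

```shell
#!/bin/sh
# Added example: classify libheif versions against this advisory.
# Per the page: 1.19.7 is the listed affected version; 1.19.8 or later is fixed.

# Reduce a package version (epoch, distro revision) to upstream X.Y[.Z].
upstream_version() {
    printf '%s\n' "$1" | sed -E 's/^[0-9]+://; s/^([0-9]+(\.[0-9]+){1,2}).*/\1/'
}

# Succeed when $1 >= $2, comparing major.minor.patch numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# Print affected | fixed | not-listed | unknown for one version string.
classify() {
    v=$(upstream_version "$1")
    case "$v" in
        [0-9]*.[0-9]*) ;;
        *) echo unknown; return 0 ;;
    esac
    if [ "$v" = "1.19.7" ]; then echo affected
    elif version_ge "$v" "1.19.8"; then echo fixed
    else echo not-listed   # older than 1.19.7: the page makes no claim
    fi
}

# Query the sources named on the page; missing tools are skipped silently.
report_installed() {
    if pc=$(pkg-config --modversion libheif 2>/dev/null); then
        echo "pkg-config: libheif $pc -> $(classify "$pc")"
    fi
    { dpkg-query -W -f='${Package} ${Version}\n' 'libheif*' 2>/dev/null || true
      rpm -qa --qf '%{NAME} %{VERSION}\n' 'libheif*' 2>/dev/null || true
    } | while read -r pkg ver; do
        if [ -n "$ver" ]; then echo "package: $pkg $ver -> $(classify "$ver")"; fi
    done
    return 0
}

report_installed
```

Statically linked applications do not show up in any of these sources and still need the rebuild listed in the fix instructions.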

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing HEIF/HEIC files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Application: (libheif OR heif OR heic) AND Event: (crash OR segmentation_fault OR buffer_overflow)
