Bug 2358026 (CVE-2025-29482)
Summary: | CVE-2025-29482 libheif: Stack Buffer Overflow in libheif SAO Processing | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | prodsec-dev |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | Flags: | dominik: needinfo? (prodsec-dev) |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | --- | |
Doc Text: | A flaw was found in the libheif Sample Adaptive Offset (SAO) processing component. This vulnerability can allow an attacker to trigger a stack-based buffer overflow and achieve code execution or cause a crash via a specially crafted HEIF/HEVC file decoded through libheif using libde265. The issue stems from improper bounds checking when processed in a multi-threaded context. |
Bug Depends On: | 2358146, 2358147 | ||
Description
OSIDB Bzimport
2025-04-07 20:01:15 UTC
Fedora builds are not linked with libde265, so they're not affected. Besides, the bug is in libde265. libheif was only used to call the vulnerable libde265 function in the PoC. Correct upstream link: https://github.com/strukturag/libde265/issues/472 . Please add it to the references at https://access.redhat.com/security/cve/CVE-2025-29482 .