CVE-2024-25269: libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an...
7.5
CVSS Score
3.1
Basic Information
CVE ID
GHSA ID
EPSS Score
0.18461%
CWE
Published
3/5/2024
Updated
8/1/2024
KEV Status
No
Technology
-
Technical Details
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The vulnerable functions were identified based on the information provided in the GitHub issue #1073 for libheif, specifically the ASAN (AddressSanitizer) output which directly implicates JpegEncoder::Encode and Encoder::GetExifMetaData in memory leaks. The commit information could not be retrieved, so the confidence is medium. The file paths are derived from the ASAN log.