CVE-2024-25269: libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an...

CVSS Score (v3.1): 7.5

Basic Information

EPSS Score: 0.18461%
Published: 3/5/2024
Updated: 8/1/2024
KEV Status: No
Technology: -

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Vulnerability Intelligence
Root Cause Analysis

The vulnerable functions were identified based on the information provided in the GitHub issue #1073 for libheif, specifically the ASAN (AddressSanitizer) output which directly implicates JpegEncoder::Encode and Encoder::GetExifMetaData in memory leaks. The commit information could not be retrieved, so the confidence is medium. The file paths are derived from the ASAN log.
