A new vulnerability has been discovered in libheif, a widely used open-source library for decoding modern image formats, that could cause applications to crash simply by processing a malicious image. The flaw, tracked as CVE-2025-65586, involves an out-of-bounds memory access issue that puts software handling HEIF and AVIF files at risk of sudden termination.
As the backbone for image processing in many mobile devices, browsers, and photo management tools, libheif’s stability is critical for the seamless display of high-efficiency visual content.
The vulnerability lies within the library’s uncompressed decoder component. According to the vulnerability note, the issue is triggered when the decoder attempts to process specific metadata structures. “The decoder fails to adequately validate values read from an internal metadata box before performing iterator arithmetic on the underlying data buffer.”
This failure to check boundaries allows a “malformed HEIF file” to trick the system. “As a result, a malformed HEIF file can cause the decoder to read past the end of the input buffer and incorrectly interpret unrelated memory as valid metadata.”
While the primary outcome is a crash (segmentation fault), the disruption can be significant for services that automatically process user-uploaded content.
The impact of this flaw is currently rated as a Denial of Service (DoS). Attackers can exploit it by “supplying a maliciously crafted HEIF image, causing applications that use libheif to crash.”
The report highlights several potential scenarios where this could cause havoc:
- Unexpected termination of applications that decode HEIF images.
- Crashes in systems that automatically generate previews or thumbnails.
- Disruption of services that process untrusted HEIF content (e.g., browsers, email clients, photo management tools).
Fortunately, there is “no evidence at this time that this vulnerability can be used to achieve memory disclosure or arbitrary code execution,” limiting the risk primarily to stability rather than data theft.
The vulnerability was discovered through “coverage-guided fuzzing” and has been addressed by the library maintainers. The fix involves better validation of metadata values to ensure iterators stay within safe bounds.
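The kind of check described above, as an added example that is not libheif's code or its actual patch: a parser that validates a count read from a metadata box before any iterator arithmetic. The box layout, `Entry`, `parse_box` and `read_u16` are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Hypothetical box layout, constructed for illustration (not libheif's format):
//   u32 entry_count (big-endian), then entry_count records of 4 bytes each:
//   { u16 id, u16 value }.
struct Entry { uint16_t id; uint16_t value; };

constexpr std::size_t kHeaderSize = 4;
constexpr std::size_t kEntrySize = 4;

static uint16_t read_u16(std::vector<uint8_t>::const_iterator it) {
  return static_cast<uint16_t>((it[0] << 8) | it[1]);
}

// Fills `out` and returns true only if the declared entry count fits in the
// bytes actually present. No iterator is advanced before that check passes.
bool parse_box(const std::vector<uint8_t>& buf, std::vector<Entry>& out) {
  out.clear();
  if (buf.size() < kHeaderSize) return false;

  const uint32_t count = (uint32_t{buf[0]} << 24) | (uint32_t{buf[1]} << 16) |
                         (uint32_t{buf[2]} << 8) | uint32_t{buf[3]};

  // Compare by division: count * kEntrySize can wrap in 32-bit arithmetic
  // for a hostile count and slip past a multiplication-based check.
  const std::size_t remaining = buf.size() - kHeaderSize;
  if (count > remaining / kEntrySize) return false;

  auto it = buf.begin() + kHeaderSize;
  for (uint32_t i = 0; i < count; ++i, it += kEntrySize) {
    out.push_back({read_u16(it), read_u16(it + 2)});
  }
  return true;
}

int main() {
  // Constructed input: header declares 3 entries, but only 1 is present.
  const std::vector<uint8_t> truncated = {0, 0, 0, 3, 0, 1, 0, 8};
  std::vector<Entry> entries;
  std::printf("truncated box accepted: %s\n",
              parse_box(truncated, entries) ? "yes" : "no");
  return 0;
}
```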
Users and developers are strongly urged to update. “Software vendors and developers using the libheif library are strongly encouraged to update to version 1.21.0 or later, which includes the fix for this vulnerability.”