VU#481830: libheif Uncompressed Codec Lacks Bounds Check Leading to Application Crash
A vulnerability exists in libheif's uncompressed decoder due to an out-of-bounds memory access issue. This flaw allows a maliciously crafted HEIF image to trigger a denial-of-service condition. The vulnerability arises from inadequate validation of metadata values during processing. Specifically, the decoder fails to properly check values from internal metadata boxes. This can lead to the decoder reading past the end of the input buffer. This can result in a segmentation fault during image decoding. The vulnerability, identified as CVE-2025-65586, affects versions v1.19.0 through 1.21.1 of libheif, introduced in commit 6190b58f. The impact is limited to denial-of-service, causing applications using libheif to crash. The vulnerability was discovered through fuzzing with AddressSanitizer. The solution is to update to libheif version 1.21.0 or later, which includes the fix. The vulnerability was reported by Maor Caplan and fixed by Dirk Farin.