libheif Buffer Overflow Vulnerability in SAO Processing Allows Arbitrary Code Execution

Vulnerability

A stack buffer overflow vulnerability has been identified in libheif version 1.19.7. It allows local attackers to execute arbitrary code by exploiting the Sample Adaptive Offset (SAO) processing in the libde265 library, which libheif uses for HEIF/HEVC decoding. The issue arises from inadequate bounds checking when accessing the 'bandTable' array, leading to a stack buffer overflow during multi-threaded decoding.

Impact

Exploitation of this vulnerability causes a stack buffer overflow, which can lead to arbitrary code execution.

Reproduction

The vulnerability can be reproduced with a crash file that contains malformed SAO parameters. Processing the file with the 'heif_decode_image' function of libheif's decoding interface triggers the stack buffer overflow in the 'apply_sao_internal' function, specifically during multi-threaded decoding, when the malformed SAO parameters are applied.
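To make the described bug class concrete, the following is an added example (not libde265 or libheif code) of an HEVC SAO band-offset lookup: the standard splits the sample range into 32 bands and indexes a 32-entry band table with sample >> (bitDepth - 5), so any sample outside the declared bit-depth range indexes past the table. The check shown here rejects such samples before the lookup; that this is the exact index derivation involved in the libde265 bug is an assumption, since the advisory only states that the 'bandTable' access lacked bounds checking.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed illustration of the HEVC SAO band-offset table: four consecutive
 * bands starting at sao_band_position (wrapping modulo 32) carry the four
 * signalled offsets; band_table[band] is 1..4 for those bands and 0 otherwise. */
#define SAO_BANDS 32

typedef struct {
    int8_t band_table[SAO_BANDS];
    int    offsets[4];
    int    bit_depth;       /* bit depth the table was built for (assumed >= 5) */
} sao_band_params;

void sao_build_band_table(sao_band_params *p, int band_position,
                          const int offsets[4], int bit_depth) {
    memset(p->band_table, 0, sizeof p->band_table);
    for (int k = 0; k < 4; k++)
        p->band_table[(band_position + k) & (SAO_BANDS - 1)] = (int8_t)(k + 1);
    memcpy(p->offsets, offsets, sizeof p->offsets);
    p->bit_depth = bit_depth;
}

/* Bounds-checked lookup. The band index sample >> (bit_depth - 5) is only < 32
 * when sample < (1 << bit_depth); a sample that violates the declared bit depth
 * (assumed trigger, not stated by the advisory) would read past band_table.
 * Returns 0 and the offset on success, -1 if the sample is out of range. */
int sao_band_offset_checked(const sao_band_params *p, int sample, int *offset_out) {
    if (p->bit_depth < 5 || sample < 0 || sample >= (1 << p->bit_depth)) return -1;
    int band = sample >> (p->bit_depth - 5);           /* guaranteed 0..31 */
    int idx  = p->band_table[band];
    *offset_out = idx ? p->offsets[idx - 1] : 0;
    return 0;
}

/* Applies band offsets to a row, clipping to the sample range. Returns the number
 * of samples rejected by the check; a non-zero count means the input contradicts
 * the declared bit depth and the frame should be treated as corrupt. */
int sao_apply_band_row(const sao_band_params *p, int *samples, size_t n) {
    int rejected = 0, max = (1 << p->bit_depth) - 1;
    for (size_t i = 0; i < n; i++) {
        int off;
        if (sao_band_offset_checked(p, samples[i], &off) != 0) { rejected++; continue; }
        int v = samples[i] + off;
        samples[i] = v < 0 ? 0 : (v > max ? max : v);
    }
    return rejected;
}
```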

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 4.2
impact: 10.0
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.