libheif before 1.19.6 has a NULL pointer dereference in ImageItemGrid::getdecoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
[ { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_uncompressed::get_decoder", "file": "libheif/image-items/unc_image.cc" }, "digest": { "function_hash": "97223614629875950827384070934982153999", "length": 76.0 }, "id": "CVE-2025-43967-09e3972d" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_JPEG2000::get_decoder", "file": "libheif/image-items/jpeg2000.cc" }, "digest": { "function_hash": "100686083428687194534615553918384656434", "length": 72.0 }, "id": "CVE-2025-43967-0cc4c433" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_JPEG::get_decoder", "file": "libheif/image-items/jpeg.cc" }, "digest": { "function_hash": "64676564652050518465245371941546562986", "length": 68.0 }, "id": "CVE-2025-43967-149926f4" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/image_item.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "144702385584566346970266367599583761756", "128090327215190624466590406674629294280", "266216486680714321422725176367035929359", "45161153194661579207896062157504135297", "102273177011114846204827987520401687552", "56240667580778780139046968497131090449", "149986114048751849088710764571061671786", "147075415382666458297296533717435465743", "37435093807083680733688766071495795919", "124451855700191990083249717935084275057", "103263863589880675622628772564748023713", "228072717705910486301386035398773140402", "15957194579319808573455430033192807653", "33310614683637307936050538067433465218", "130029696971949724828906978167277933233", "136032602026663835288067536737377142716", "67673437745180253503322116947111217331", "91936583435531524051676729535660639342", "144778618914149977015893042217346975627", "189161870881331295936282344115516167245" ] }, "id": "CVE-2025-43967-1f85a8e4" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/context.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "109197106594520552971956180068931365876", "299093992844994063072640758949985060476", "7158674116234075458706355072428097284", "142229614660334033698469794919975618479" ] }, "id": "CVE-2025-43967-22b06baf" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_VVC::get_decoder", "file": "libheif/image-items/vvc.cc" }, "digest": { "function_hash": "209941228665438834785926145249793062348", "length": 67.0 }, "id": "CVE-2025-43967-30cea835" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/jpeg.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "2006490837723645857707428493843597705", "79637021001479467373202430081978284455", "153413870721811384420900812887860573686", "323373225746389559921754348001243472054" ] }, "id": "CVE-2025-43967-33750478" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/hevc.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "25649155035464406546997063262784614993", "186805103937479552734540217982332921111", "287725301333441452421985311889090911156", "319536260836420670674080767478979653839" ] }, "id": "CVE-2025-43967-34499a34" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_AVC::get_decoder", "file": "libheif/image-items/avc.cc" }, "digest": { "function_hash": "295268528139413477114779685802204057389", "length": 67.0 }, "id": "CVE-2025-43967-3c4241c2" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem::decode_compressed_image", "file": "libheif/image-items/image_item.cc" }, "digest": { "function_hash": "230750261914293183704644039369218631903", "length": 346.0 }, "id": "CVE-2025-43967-475637ee" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/vvc.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "75462900892699809324617640746818259415", "191023179885685670914783987991087133478", "198654094074910086170786409843374154277", "104614954354964513348948408992842052102", "303174470906304381979195511929955402136", "326802005581413107445563072390836994483" ] }, "id": "CVE-2025-43967-4a44aebc" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/jpeg2000.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "228630802345923691827440048364125391359", "253274562765873864033925238296697881266", "241789520282322513106721388802202353522", "338920652853140115674617416017010087219", "20317381786671629749584625939935161873", "128135387034805542515268099927348770413" ] }, "id": "CVE-2025-43967-4fb2dfc7" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_Grid::get_decoder", "file": "libheif/image-items/grid.cc" }, "digest": { "function_hash": "21066379956863180034637842561865516347", "length": 321.0 }, "id": "CVE-2025-43967-5235f20d" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/image_item.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "161003179136510265879342340658836763192", "28093853627493328966512698391901878536", "177867915381749941486468375823462039852", "150024567792774645390375326372831935392" ] }, "id": "CVE-2025-43967-52e25eac" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/grid.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "271330971351056090394547907044936016600", "276510661344293353264501329712320400337", "88247700760031434346938702580368422550", "313695061663594580174218324281547475328", "21052428757527569622753415594548293979", "334299819873811465389915605883743895929", "249747047377906702149258319748364077468", "16372037193188208672012281289148321509", "108753610852391514317920919754166614963", "91986842199186377717879595664204665444", "65516318678308138803104576862732680952", "54197696641718958804242036178922637292", "74845921491972395483112531166263798505" ] }, "id": "CVE-2025-43967-5c723753" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/jpeg2000.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "127490825353696378051780700806317300741", "315515562129286637237021799493095905263", "126232100081737134245256762704184228945", "32657137403058678256143912221235379505" ] }, "id": "CVE-2025-43967-5e6a347f" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/avif.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "134383185918119267458419950984536376263", "284530790259376636960318506218878661841", "73286521899413213724197765882895789908", "256374771086128657281503909436045542816" ] }, "id": "CVE-2025-43967-7e69dd42" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/avc.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "211865217488206622486656025554303567858", "11539110972030098417130217413976154705", "65841793717877196641363414731257771004", "141513306733503932530559059983538804054", "299841022808802504623031475108727867634", "222594567952111577615752058002811998096" ] }, "id": "CVE-2025-43967-815c3310" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_AVIF::get_decoder", "file": "libheif/image-items/avif.cc" }, "digest": { "function_hash": "234698507599823896691923314190290779533", "length": 62.0 }, "id": "CVE-2025-43967-830c75d4" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem::get_coded_image_colorspace", "file": "libheif/image-items/image_item.cc" }, "digest": { "function_hash": "145366682662655616645164570559252732335", "length": 279.0 }, "id": "CVE-2025-43967-8bf36c2b" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem::get_chroma_bits_per_pixel", "file": "libheif/image-items/image_item.cc" }, "digest": { "function_hash": "238608354431809603160689879335102231140", "length": 150.0 }, "id": "CVE-2025-43967-96ee0747" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem::get_luma_bits_per_pixel", "file": "libheif/image-items/image_item.cc" }, "digest": { "function_hash": "274109924764765527097623813900670734203", "length": 146.0 }, "id": "CVE-2025-43967-9cc96146" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/jpeg.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "116159451557582070139489470901056794992", "209596001567873323044451701899817668442", "338211310326137976873717796006022839236", "267497135834063746441710453006126769328", "253696570974875802658807944596305642324", "216013739011074412836349019610086346809" ] }, "id": "CVE-2025-43967-aad98cbb" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/avc.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "333731838237567265492396179435100250280", "202644882655130363923538314027704327497", "195733770746602766203076790029682992966", "241820740624138622941012982871661285161" ] }, "id": "CVE-2025-43967-b5219763" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/vvc.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "37937377556790363351681193826798282659", "31016753070385004545824315929075528244", "153413870721811384420900812887860573686", "282696422534869485935099326759131028413" ] }, "id": "CVE-2025-43967-d45d4a3b" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/hevc.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "315459856293399470155658454281349529085", "27019182289000000194494751615970846150", "54393353423237609759843550818263010796", "203919820391177670363948041851214300017", "11090190196382233007799462955780852074", "248291432838609115833130817459329165530" ] }, "id": "CVE-2025-43967-d8751b6e" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/grid.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "228027025714572903529871201339777848543", "258389886211479879312831210245840931083", "211814247605951928089685325678920552789", "284883922298302045751573586556043231952" ] }, "id": "CVE-2025-43967-eb99a170" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "HeifContext::get_id_of_non_virtual_child_image", "file": "libheif/context.cc" }, "digest": { "function_hash": "49516758181763934577548109474646718110", "length": 765.0 }, "id": "CVE-2025-43967-ed91de0f" }, { "signature_type": "Function", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "function": "ImageItem_HEVC::get_decoder", "file": "libheif/image-items/hevc.cc" }, "digest": { "function_hash": "245236733512157600606614914179637194151", "length": 62.0 }, "id": "CVE-2025-43967-f006a447" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/unc_image.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "43226921952445355284786505983245841098", "9117654655095507579926475404245926219", "38370523827361533003109214772297429428", "28931472074250096080153945203674370600" ] }, "id": "CVE-2025-43967-f62fe317" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/unc_image.cc" }, "digest": { "threshold": 0.9, "line_hashes": [ "261006501519457013898415963481407287379", "204067845435683055070996634898826541487", "16026257482497356007071479856963234103", "232189058041098585772207683021989760233", "307817484891731579386884220817223829976", "280282303861612867130294901079233524651" ] }, "id": "CVE-2025-43967-fb77279a" }, { "signature_type": "Line", "deprecated": false, "source": "https://github.com/strukturag/libheif/commit/6e35af7b0ff9fb6cc952a1539590d160db32f671", "signature_version": "v1", "target": { "file": "libheif/image-items/avif.h" }, "digest": { "threshold": 0.9, "line_hashes": [ "118815268396983352137778917430664768998", "186805103937479552734540217982332921111", "215293226238478703773833337708059926135", "130173589532827303552894444275051048603" ] }, "id": "CVE-2025-43967-ffef2457" } ]