CVE-2025-43966

CVE Details

Visit the official vulnerability details page for CVE-2025-43966 to learn more.

Initial Publication

04/22/2025

Last Update

05/27/2025

Third Party Dependency

libheif1

NIST CVE Summary

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.

CVE Severity

7.5

Our Official Summary

This vulnerability affects versions of the libheif library prior to 1.19.6. It arises from a NULL pointer dereference in ImageItem_iden within the image-items/iden.cc file. The dereference can crash the application, resulting in a denial of service (DoS).

This CVE is reported on a third-party KubeVirt UI component. Since this container is not exposed, exploitation risk is low. Impact of an exploit is limited to the container attack surface.

Status

Ongoing

Affected Products & Versions

| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.28 | ✅ No Impact | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |

Revision History

| Date | Revision |
|---|---|
| 05/27/2025 | Status changed from Open to Ongoing |
| 05/27/2025 | Official summary added |
| 05/15/2025 | Advisory assigned with HIGH severity |