CVE-2025-43967
CVE Details
Visit the official vulnerability details page for CVE-2025-43967 to learn more.
Initial Publication
04/22/2025
Last Update
05/27/2025
Third Party Dependency
libheif1
NIST CVE Summary
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVE Severity
Our Official Summary
This vulnerability affects versions of the libheif library prior to 1.19.6. It arises from a NULL pointer dereference in the ImageItem_Grid::get_decoder function when a grid image references a nonexistent image item. This condition can lead to application crashes, resulting in a denial of service (DoS).
This CVE is reported on a third-party KubeVirt UI component. Because this container is not exposed, exploitation risk is low. The impact of an exploit is limited to the container attack surface.
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.6.28 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
05/27/2025 | Status changed from Open to Ongoing |
05/27/2025 | Official summary added |
05/15/2025 | Advisory assigned with HIGH severity |