vulnerability
Ubuntu: USN-7952-1 (CVE-2025-68431): libheif vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:M/Au:N/C:N/I:N/A:C) | Dec 29, 2025 | Jan 13, 2026 | Jan 15, 2026 |
Severity
7
CVSS
(AV:N/AC:M/Au:N/C:N/I:N/A:C)
Published
Dec 29, 2025
Added
Jan 13, 2026
Modified
Jan 15, 2026
Description
It was discovered that libheif did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-25269)
Aldo Ristori discovered that libheif did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2025-68431)
Solution
ubuntu-pro-upgrade-libheif1
References
- CVE-2025-68431
- https://attackerkb.com/topics/CVE-2025-68431
- CWE-125
- CWE-190
- UBUNTU-USN-7952-1
- URL-https://github.com/strukturag/libheif/releases/tag/v1.21.0
- URL-https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq
- URL-https://ubuntu.com/security/notices/USN-7952-1
- URL-https://www.cve.org/CVERecord?id=CVE-2025-68431
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.