CVE-2025-68431

Name
CVE-2025-68431
Description
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

| Type | URI |
|---|---|
| MISC | https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46 |
| MISC | https://github.com/strukturag/libheif/releases/tag/v1.21.0 |
| CONFIRM | https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| | libheif | >= 0 | < 1.21.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| libheif | edge-main | 1.20.2-r2 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-main | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-main | 1.17.6-r0 | None | possibly vulnerable |
| libheif | edge-main | 1.5.0-r0 | None | possibly vulnerable |
| libheif | edge-community | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.20.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.20.1-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.8-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.7-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.5-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.17.6-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.5.0-r0 | None | possibly vulnerable |
| libheif | 3.23-main | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |