CVE-2025-68431

Source
https://cve.org/CVERecord?id=CVE-2025-68431
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68431.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68431
Aliases
  • GHSA-j87x-4gmq-cqfq
Downstream
Related
Published
2025-12-29T19:09:54.628Z
Modified
2026-04-12T19:16:14.186260Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
libheif has Potential Heap Buffer Over-Read
Details

libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF file that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay(). The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then wraps to a very large value when converted to size_t and is passed to memcpy, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images that use iovl overlay boxes.

Database specific
{
    "cwe_ids": [
        "CWE-125",
        "CWE-190"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68431.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/strukturag/libheif

Affected ranges

Type
GIT
Repo
https://github.com/strukturag/libheif
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v1.*
v1.1.0
v1.10.0
v1.11.0
v1.12.0
v1.13.0
v1.14.0
v1.14.1
v1.14.2
v1.15.0
v1.15.1
v1.15.2
v1.16.0
v1.16.1
v1.16.2
v1.17.0
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.17.5
v1.17.6
v1.18.0
v1.18.0-rc1
v1.19.0
v1.19.1
v1.19.2
v1.19.3
v1.19.4
v1.19.5
v1.2.0
v1.20.0
v1.20.1
v1.3.0
v1.3.1
v1.3.2
v1.7.0
v1.8.0
v1.9.0
v1.9.1

Database specific

vanir_signatures_modified: "2026-04-12T19:16:14Z"
source: "https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68431.json"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68431-41f3b864",
        "source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893",
        "signature_version": "v1",
        "target": {
            "file": "libheif/api/libheif/heif_decoding.cc",
            "function": "fill_default_decoding_options"
        },
        "digest": {
            "length": 940.0,
            "function_hash": "34356497781205006473252364979556906119"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "id": "CVE-2025-68431-4ec9870c",
        "source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893",
        "signature_version": "v1",
        "target": {
            "file": "libheif/api/libheif/heif_decoding.cc",
            "function": "heif_decoding_options_copy"
        },
        "digest": {
            "length": 1374.0,
            "function_hash": "329797198584329899104486683601108515964"
        }
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "id": "CVE-2025-68431-8b16a428",
        "source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893",
        "signature_version": "v1",
        "target": {
            "file": "libheif/api/libheif/heif_decoding.cc"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
            ]
        }
    }
]