ALPINE-CVE-2025-68431
- Source
- https://security.alpinelinux.org/vuln/CVE-2025-68431
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/alpine/ALPINE-CVE-2025-68431.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/ALPINE-CVE-2025-68431
- Upstream
- Published
- 2025-12-29T19:15:56.933Z
- Modified
- 2026-02-04T13:15:34.976699Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in
HeifPixelImage::overlay(). The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted tosize_tand is passed tomemcpy, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images usingiovloverlay boxes. - References
Affected packages
Alpine:v3.23 / libheif
Package
- Name
- libheif
- Purl
- pkg:apk/alpine/libheif?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.21.2-r0
Affected versions
1.*
1.3.2-r0
1.3.2-r1
1.3.2-r2
1.4.0-r0
1.5.0-r0
1.5.0-r1
1.5.1-r0
1.5.1-r1
1.6.0-r0
1.6.1-r0
1.6.2-r0
1.6.2-r1
1.6.2-r2
1.7.0-r0
1.7.0-r1
1.9.1-r0
1.11.0-r0
1.12.0-r0
1.12.0-r1
1.12.0-r2
1.13.0-r0
1.14.0-r0
1.14.2-r0
1.15.1-r0
1.15.2-r0
1.15.2-r1
1.15.2-r2
1.15.2-r3
1.16.1-r0
1.16.1-r1
1.16.2-r0
1.17.1-r0
1.17.3-r0
1.17.3-r1
1.17.6-r0
1.17.6-r1
1.18.0-r0
1.18.2-r0
1.19.2-r0
1.19.5-r0
1.19.7-r0
1.19.8-r0
1.20.1-r0
1.20.2-r0
1.20.2-r1