CVE-2025-29769
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2025-29769
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29769.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2025-29769
- Aliases
-
- GHSA-f8r8-43hh-rghm
- Downstream
- Published
- 2025-04-07T20:09:30Z
- Modified
- 2025-10-30T20:32:46.940543Z
- Severity
-
- 8.5 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input to HEIF output
- Details
-
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1.
- Database specific
{ "cwe_ids": [ "CWE-122" ] }- References
-
- https://github.com/libvips/libvips/commit/9ab6784f693de50b00fa535b9efbbe9d2cbf71f2
- https://github.com/libvips/libvips/pull/4392
- https://github.com/libvips/libvips/pull/4394
- https://github.com/libvips/libvips/security/advisories/GHSA-f8r8-43hh-rghm
- https://issues.oss-fuzz.com/issues/396460413
- https://lists.debian.org/debian-lts-announce/2025/04/msg00044.html
Affected packages
Git / github.com/libvips/libvips
Affected ranges
- Type
- GIT
- Repo
- https://github.com/libvips/libvips
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v7.*
v7.28.0
v7.30.0
v8.*
v8.0-beta
v8.1
v8.10.0
v8.10.0-beta1
v8.10.0-beta2
v8.10.0-rc1
v8.10.0-rc2
v8.10.1
v8.10.2
v8.10.3
v8.10.4
v8.10.5
v8.10.6
v8.10.6-beta
v8.10.6-beta2
v8.11
v8.11.0
v8.11.0-rc1
v8.11.1
v8.11.2
v8.11.3
v8.11.4
v8.12.0
v8.12.0-rc1
v8.12.1
v8.12.2
v8.13.0
v8.13.0-pre1
v8.13.0-rc1
v8.13.0-rc2
v8.13.1
v8.13.2
v8.13.3
v8.14.0
v8.14.0-rc1
v8.14.1
v8.14.2
v8.14.3
v8.14.4
v8.14.5
v8.15.0
v8.15.0-rc1
v8.15.0-rc2
v8.15.1
v8.15.2
v8.15.2a
v8.15.3
v8.15.4
v8.15.4-rc1
v8.15.5
v8.15.5-rc1
v8.16.0
v8.16.0-rc1
v8.16.0-rc2
v8.2.2
v8.2.3
v8.3.0
v8.4.2
v8.5.1
v8.5.2
v8.5.3
v8.5.4
v8.5.5
v8.5.6
v8.5.7
v8.5.8
v8.5.9
v8.6.0
v8.6.0-alpha1
v8.6.0-alpha2
v8.6.0-alpha3
v8.6.0-alpha4
v8.6.0-alpha5
v8.6.0-beta1
v8.6.0-beta2
v8.6.1
v8.6.2
v8.6.3
v8.6.4
v8.7.0
v8.7.0-alpha1
v8.7.0-alpha2
v8.7.0-rc1
v8.7.0-rc2
v8.7.0-rc3
v8.7.1
v8.7.2
v8.7.3
v8.7.4
v8.8.0
v8.8.0-rc1
v8.8.0-rc2
v8.8.0-rc3
v8.8.1
v8.8.2
v8.8.3
v8.9.0
v8.9.0-alpha1
v8.9.0-beta1
v8.9.0-beta2
v8.9.0-rc1
v8.9.0-rc2
v8.9.0-rc3
v8.9.0-rc4
v8.9.1
v8.9.2
Database specific
vanir_signatures
[
{
"id": "CVE-2025-29769-0063a648",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "204020809808310251746300681675559292488",
"length": 620.0
},
"target": {
"file": "libvips/arithmetic/project.c",
"function": "histogram_new"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-00c1ae1b",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"146472816832899882966478323424401127517",
"148326969278183464372550809532090466944",
"182219639003239320448735512808934449634",
"155924435074457232687163652552213826156",
"336617849283971222837505782177383409653",
"803955325889370501923842229077371335"
],
"threshold": 0.9
},
"target": {
"file": "libvips/colour/LCh2UCS.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-04e1a71e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"193108773183593523063244334198615847800",
"264945369779496300054931651289675991538",
"86915066004139306974228449770797227031",
"207801093950959293730776636176370628677",
"64554583486337420752129310521102766938"
],
"threshold": 0.9
},
"target": {
"file": "libvips/arithmetic/hist_find_indexed.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-06cb308a",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "219336353028416286600163239812572623554",
"length": 738.0
},
"target": {
"file": "libvips/conversion/bandfold.c",
"function": "vips_bandfold_gen"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-0710beed",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "49482531972001338931917788933450096189",
"length": 1248.0
},
"target": {
"file": "libvips/iofuncs/sinkmemory.c",
"function": "sink_memory_area_allocate_fn"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-07c93c75",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "81195685466037972049142443751421814165",
"length": 449.0
},
"target": {
"file": "libvips/foreign/tiff2vips.c",
"function": "rtiff_memcpy_f16_line"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-1fb62569",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "226757554773432999185031849290785704508",
"length": 1563.0
},
"target": {
"file": "libvips/iofuncs/sinkdisc.c",
"function": "wbuffer_allocate_fn"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-25cfd41e",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "162065518651073381149323774574119761123",
"length": 1383.0
},
"target": {
"file": "libvips/foreign/nsgifload.c",
"function": "vips_foreign_load_nsgif_generate"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-25d6a5b1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"272291151288643359550297672357935186156",
"295825767676251176497493997935099637567",
"277351185936650717006935512785023070139",
"303535540788642997802566058272638721106"
],
"threshold": 0.9
},
"target": {
"file": "libvips/iofuncs/sink.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-2ca60095",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"141442950390216318326352839088305770071",
"153069353973596181927703545135427839666",
"9055500463534748510970152684301091965",
"164615813486703122047085905963844179098"
],
"threshold": 0.9
},
"target": {
"file": "libvips/conversion/bandfold.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-39ad95ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "172177910203211658879442797228772129995",
"length": 856.0
},
"target": {
"file": "libvips/conversion/bandunfold.c",
"function": "vips_bandunfold_gen"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-3c98ae87",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "136313937702517628057648004774623903246",
"length": 826.0
},
"target": {
"file": "libvips/iofuncs/image.c",
"function": "vips_image_write_line"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-4c102671",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"277026826687837235815190948504319578323",
"252722630879511071764624341773658224149",
"49889071180197118036636417345194692873",
"119968551676930068520052005204735500119"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/jp2ksave.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-51dc2075",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "66454751116007750885452359630712951636",
"length": 731.0
},
"target": {
"file": "libvips/colour/LCh2UCS.c",
"function": "vips_col_Ch2hcmc"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-54d8197c",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"224111719122948287673371751216582171456",
"290513418336582190457024954504297058084",
"69520451101562331025353693862332901778",
"40817255997188265090830122362266292339"
],
"threshold": 0.9
},
"target": {
"file": "libvips/iofuncs/image.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-597613ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"115689833891332522440686458280635997257",
"40508754931948131137613498287664560942",
"298389639304085383603340978501759588667",
"129563101249015669603578012539749899962"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/vips2tiff.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-5fedffe8",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "114021330274702959458823973567211416642",
"length": 442.0
},
"target": {
"file": "libvips/foreign/vips2tiff.c",
"function": "wtiff_copy_tiles"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-6a570517",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"250630285592061441462996242439780594535",
"121148056315924335082155559554402105049",
"121766204676390800623815629539350676340",
"25260374781496496573451853141710047134",
"16370322979098300526162288795531926709"
],
"threshold": 0.9
},
"target": {
"file": "libvips/arithmetic/project.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-74811e8d",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"25014365708793849312105565107376123787",
"6979766214851900822491636522080970959",
"194062793705506041484935398416525435604",
"7645406198215832225298928340040545038"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/webp2vips.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-7c4db7ab",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "243377832511917294406550829998174968534",
"length": 571.0
},
"target": {
"file": "libvips/foreign/webpsave.c",
"function": "vips_foreign_save_webp_sink_disc"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-7d5d0508",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"70466197837800275671426846784454753898",
"32002996136132438557141455686239459372",
"277351185936650717006935512785023070139",
"303535540788642997802566058272638721106"
],
"threshold": 0.9
},
"target": {
"file": "libvips/iofuncs/sinkdisc.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-874e0777",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"269934432524418097979283969797131971754",
"91630415714778288992856255175593183926",
"187281943457099218252227373160068129551",
"258043668703769235876002668803825491344"
],
"threshold": 0.9
},
"target": {
"file": "libvips/conversion/composite.cpp"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-8b3323bf",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"52523319222682133306067690970262988637",
"218933073584012078905010539949691704481",
"230548712135915964927364027985317706594",
"58546834836218732294859452091743856728",
"239804529752878341096181055589144925776",
"202911701663837746884652638389915571212",
"260705589446926322483771404580149949099",
"34331004634277756899999991212284680245"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/tiff2vips.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-8c370571",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"252783723868940395789848860920698113710",
"184689510815020467176263032827923398916",
"277351185936650717006935512785023070139",
"303535540788642997802566058272638721106"
],
"threshold": 0.9
},
"target": {
"file": "libvips/iofuncs/sinkmemory.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-8fbe1538",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"302361671922933163081884868596792378226",
"216318392601005908538537229341969927467",
"279984703499309912758272473104122316302",
"323552431928893289578256023953586836911"
],
"threshold": 0.9
},
"target": {
"file": "libvips/conversion/embed.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-913a4da7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "55066222544191457898521205504890021304",
"length": 731.0
},
"target": {
"file": "libvips/arithmetic/hist_find_indexed.c",
"function": "histogram_new"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-91f040c1",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "200159597338612280373174958795461821360",
"length": 1983.0
},
"target": {
"file": "libvips/mosaicing/matrixinvert.c",
"function": "lu_decomp"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-9e6e4056",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "337752901805752112892059833783117723676",
"length": 865.0
},
"target": {
"file": "libvips/conversion/embed.c",
"function": "vips_embed_base_paint_edge"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-acf859c0",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "295086633344562358492305010474157156326",
"length": 907.0
},
"target": {
"file": "libvips/foreign/webp2vips.c",
"function": "vips_image_paint_image"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-adafd844",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"104101647814092378979766491578675454821",
"81943542041296418169157601065047272728",
"171058700349401871254313516766569271451",
"255904088170959438372305781804967209428"
],
"threshold": 0.9
},
"target": {
"file": "libvips/mosaicing/matrixinvert.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-b101c8ea",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "87901119015312691826201689114662279514",
"length": 1239.0
},
"target": {
"file": "libvips/iofuncs/sink.c",
"function": "sink_area_allocate_fn"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-bb5be849",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"318626080935404777321996941007022724219",
"126728542830347104328899979776212024271",
"237572275032682885397696619724365302130",
"185898092728466258361382489170615574696"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/nsgifload.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-bb918ce3",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "205736318270045473948896703020627779753",
"length": 1607.0
},
"target": {
"file": "libvips/foreign/tiff2vips.c",
"function": "rtiff_decompress_jpeg_run"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-be439bc7",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"24875867738206083492760039906121135648",
"105038057759592853591083683240054476714",
"209573835184059481931656536947595802878",
"11584784780552678659114232395508616292"
],
"threshold": 0.9
},
"target": {
"file": "libvips/foreign/webpsave.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-e58a0d91",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"318000631397884841997196568373679664561",
"112131231652818112737136636747257954743",
"188980767027441133412796215488847185327",
"244411993317488070253681494387579941093"
],
"threshold": 0.9
},
"target": {
"file": "libvips/conversion/bandunfold.c"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
},
{
"id": "CVE-2025-29769-e7045178",
"deprecated": false,
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "208411974504325091436517522032930970505",
"length": 450.0
},
"target": {
"file": "libvips/foreign/jp2ksave.c",
"function": "vips_foreign_save_jp2k_sizeof_tile"
},
"source": "https://github.com/libvips/libvips/commit/82c7c05cb02a52750251bb4cc69d67f40568cf98"
}
]