libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF file that exercises the overlay image item path triggers a heap buffer over-read in HeifPixelImage::overlay(). The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets); when that negative value is converted to size_t it wraps around to a very large unsigned value, which is then passed to memcpy, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images that use iovl overlay boxes.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/68xxx/CVE-2025-68431.json",
"cna_assigner": "GitHub_M",
"cwe_ids": [
"CWE-125",
"CWE-190"
]
}[
{
"signature_type": "Function",
"id": "CVE-2025-68431-41f3b864",
"target": {
"file": "libheif/api/libheif/heif_decoding.cc",
"function": "fill_default_decoding_options"
},
"signature_version": "v1",
"digest": {
"function_hash": "34356497781205006473252364979556906119",
"length": 940.0
},
"deprecated": false,
"source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893"
},
{
"signature_type": "Function",
"id": "CVE-2025-68431-4ec9870c",
"target": {
"file": "libheif/api/libheif/heif_decoding.cc",
"function": "heif_decoding_options_copy"
},
"signature_version": "v1",
"digest": {
"function_hash": "329797198584329899104486683601108515964",
"length": 1374.0
},
"deprecated": false,
"source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893"
},
{
"signature_type": "Line",
"id": "CVE-2025-68431-8b16a428",
"target": {
"file": "libheif/api/libheif/heif_decoding.cc"
},
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"86989328228010646195824957620703865309",
"315748430350726531986735925707017146044",
"48195258588107620977743124844228928254",
"39329765749603303780335262745387807436",
"278674891859007306422493718580202199222",
"246737114233977316513938417832652467043",
"305193605705415212218217871446369761088",
"51058199956735957655386557920259163456",
"44218036590128212083565674600086656473",
"196590235662868324802423222985018305791",
"177174771090411233403604693192959750546",
"272346606380776608490083823624255834136",
"316203364162326920082443224420335411806",
"173998481382920159388264252056027936138",
"309796206102394975632185273807526561928",
"264961994815018702713207910196561053551",
"272640526741428161440284802322705573607",
"288262173295861768794265364273338310735",
"53705723303867008772075427526346244002"
]
},
"deprecated": false,
"source": "https://github.com/strukturag/libheif/commit/81b09baa38ac8654d34d0f8b7780c44addfc7893"
}
]
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68431.json"