CVE-2025-68431

Severity: High (CVSS 3.1 base score 7.1) · EPSS 18.3%
Published Dec 29, 2025 · Last Modified Jun 17, 2026

Description

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
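The defect class the description names is a signed row length that goes negative and is then handed to `memcpy`, whose `size_t` parameter turns it into a value close to `SIZE_MAX`. The following is an added example written for this page; it is not libheif's code and the `plane_t`, `unchecked_row_len`, `overlay_clipped` and `overlay_probe` names are hypothetical stand-ins for the overlay path the advisory describes. It shows the bare computation that wraps, and beside it an overlay routine that clips the rectangle to the destination in both axes (using wider arithmetic so the offsets themselves cannot overflow) and refuses to copy when nothing remains.

```c
/* Added example, not libheif's code: models the signed-to-size_t hazard that
 * CVE-2025-68431 describes. All type and function names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One 8-bit grayscale plane (constructed stand-in for a real image plane). */
typedef struct {
    int width;
    int height;
    uint8_t *data;   /* width * height bytes, row-major */
} plane_t;

/* The hazardous computation. The visible run of an overlay row is
 * min(dst_w, ox + src_w) - max(0, ox). When the overlay lies entirely outside
 * the destination this is negative; passed straight to memcpy it is converted
 * to size_t and wraps to a huge length. This function only returns what memcpy
 * would receive and performs no copy. */
size_t unchecked_row_len(int dst_w, int src_w, int ox)
{
    int x0 = ox > 0 ? ox : 0;
    int x1 = (ox + src_w < dst_w) ? ox + src_w : dst_w;
    int row_len = x1 - x0;          /* may be negative */
    return (size_t)row_len;         /* the implicit conversion memcpy applies */
}

/* Hardened overlay: clip to the destination rectangle, compute in 64-bit so
 * hostile offsets cannot overflow int, and reject an empty clipped region.
 * Returns 0 on success, -1 when there is nothing valid to copy. */
int overlay_clipped(plane_t *dst, const plane_t *src, int ox, int oy)
{
    long long x0 = ox > 0 ? ox : 0;
    long long y0 = oy > 0 ? oy : 0;
    long long x1 = (long long)ox + src->width;
    long long y1 = (long long)oy + src->height;
    if (x1 > dst->width)  x1 = dst->width;
    if (y1 > dst->height) y1 = dst->height;
    if (x1 <= x0 || y1 <= y0)
        return -1;                  /* empty after clipping: refuse, never wrap */

    size_t row_len = (size_t)(x1 - x0);
    for (long long y = y0; y < y1; y++) {
        /* y - oy and x0 - ox are non-negative by construction of y0 and x0. */
        const uint8_t *s = src->data + (size_t)(y - oy) * src->width + (size_t)(x0 - ox);
        uint8_t *d = dst->data + (size_t)y * dst->width + (size_t)x0;
        memcpy(d, s, row_len);
    }
    return 0;
}

/* Probe helper: 4x4 zeroed destination, 2x2 source of 0xFF placed at (ox, oy).
 * Returns the destination pixel at (x, y), or -1 if the overlay was rejected. */
int overlay_probe(int ox, int oy, int x, int y)
{
    uint8_t dbuf[16] = {0};
    uint8_t sbuf[4] = {0xFF, 0xFF, 0xFF, 0xFF};
    plane_t dst = {4, 4, dbuf};
    plane_t src = {2, 2, sbuf};
    if (overlay_clipped(&dst, &src, ox, oy) != 0)
        return -1;
    return dbuf[y * 4 + x];
}

int main(void)
{
    /* An overlay 10 pixels wide placed at x=200 on a 100-pixel-wide plane. */
    printf("unchecked length memcpy would receive: %zu\n",
           unchecked_row_len(100, 10, 200));
    printf("clipped overlay fully outside -> %d (rejected)\n",
           overlay_probe(10, 0, 0, 0));
    printf("clipped overlay at (3,3) sets pixel (3,3) -> %d\n",
           overlay_probe(3, 3, 3, 3));
    return 0;
}
```

The clipping step is the point: once `x1 <= x0` or `y1 <= y0` is rejected up front, `row_len` is only ever formed from a positive difference, so the conversion to `size_t` can no longer manufacture a multi-gigabyte read.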

CVSS Details

Base Score
7.1
Exploitability
2.8
Impact
4.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction Required
Scope Unchanged
Confidentiality Low
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
18.3% percentile
Exploit & Patch Status
Public Exploit Known
Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read Memory Safety
CWE-190 Integer Overflow or Wraparound Numeric Error

Affected Products 1

Vendor     Product   Version Range
struktur   libheif   * <1.21.0

References 3

  • github.com https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46
    Patch
  • github.com https://github.com/strukturag/libheif/releases/tag/v1.21.0
    Product, Release Notes
  • github.com https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq
    Exploit, Patch, Vendor Advisory

Remediation

  • github.com https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46
    Patch
  • github.com https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq
    Exploit, Patch, Vendor Advisory