CVE-2025-68431
Heap Buffer Over-Read in libheif Overlay Image Processing Causes Crash
Publication date: 2025-12-29
Last updated on: 2026-02-25
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| struktur | libheif | up to 1.21.0 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |
| CWE-190 | The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in libheif occurs when a specially crafted HEIF file takes the overlay image item path and the function HeifPixelImage::overlay() computes a negative row length. When that negative value is converted to the unsigned size_t type it wraps around to a very large value, which is then passed to memcpy, resulting in a heap buffer over-read and a crash.
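The signed-to-unsigned wraparound described above, as an added illustration that is not libheif's code: a hypothetical overlay clipper (all names constructed) whose unsafe variant lets a negative clipped row length reach memcpy as a near-SIZE_MAX size_t, beside a hardened variant that rejects non-intersecting overlays before any copy.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed model of the CWE-190 -> CWE-125 chain (hypothetical names, not
 * libheif's HeifPixelImage::overlay()): a one-channel overlay of width ow is
 * placed at column dx on a canvas of width cw, and the bytes copied per row
 * are the clipped horizontal extent. */

/* Unsafe: clip both edges, then subtract. When the overlay lies entirely
 * outside the canvas, x1 < x0 and the row length goes negative. */
long long row_len_unsafe(int cw, int ow, int dx) {
    int x0 = dx < 0 ? 0 : dx;                          /* first canvas column */
    int x1 = (long long)dx + ow > cw ? cw : dx + ow;   /* one past the last column */
    return (long long)x1 - (long long)x0;              /* negative when disjoint */
}

/* What memcpy receives: the negative length wraps to a value near SIZE_MAX. */
size_t as_memcpy_len(long long row_len) { return (size_t)row_len; }

/* Hardened: accept the row only if the clipped extent is strictly positive,
 * so the length handed to memcpy is known to fit both buffers. */
bool row_len_safe(int cw, int ow, int dx, size_t *len, int *x0_out) {
    if (cw <= 0 || ow <= 0) return false;
    long long x0 = dx < 0 ? 0 : dx;
    long long x1 = (long long)dx + ow;
    if (x1 > cw) x1 = cw;
    if (x1 <= x0) return false;                        /* disjoint or empty: skip */
    *len = (size_t)(x1 - x0);
    *x0_out = (int)x0;
    return true;
}

/* Paint one overlay row into one canvas row; returns bytes copied (0 = none). */
size_t overlay_row(uint8_t *canvas, int cw, const uint8_t *ov, int ow, int dx) {
    size_t len; int x0;
    if (!row_len_safe(cw, ow, dx, &len, &x0)) return 0;
    int src = dx < 0 ? -dx : 0;                        /* skip the clipped-off left part */
    memcpy(canvas + x0, ov + src, len);
    return len;
}

/* Constructed sample: 8-column canvas, 4-column overlay placed at column dx. */
size_t demo_copied_bytes(int dx) {
    uint8_t canvas[8] = {0};
    const uint8_t ov[4] = {1, 2, 3, 4};
    return overlay_row(canvas, 8, ov, 4, dx);
}
```

Running the unsafe variant's result through memcpy is exactly the pattern AddressSanitizer flags as a heap-buffer-overflow read; the safe variant never produces a length that is not backed by both buffers.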
How can this vulnerability impact me?
The vulnerability can cause a crash in applications using libheif to decode crafted HEIF images, potentially leading to denial of service. It does not impact confidentiality or integrity but affects availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update libheif to version 1.21.0 or later where the issue is patched. As a workaround, avoid decoding images that use 'iovl' overlay boxes.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the libheif library with crafted HEIF images that exercise the overlay image item path, specifically those using 'iovl' overlay boxes, and observing crashes or abnormal behavior during decoding. Because the flaw is a heap buffer over-read, running libheif decoding under a memory error detector such as AddressSanitizer, or fuzzing the decoder with a tool such as libFuzzer, makes the fault visible. No network-level detection commands are provided, but you can check the installed libheif version with commands like 'libheif --version' or by querying your package manager (e.g., 'dpkg -l | grep libheif' on Debian-based systems); any version earlier than 1.21.0 is vulnerable. As a workaround, avoid decoding HEIF images that contain overlay boxes. [3]