Heap Buffer Over-read in libheif HEIF and AVIF File Decoder from Struktur AG
CVE-2025-68431

6.5 MEDIUM

Key Information:

Vendor: Strukturag

Status
Vendor
CVE Published: 29 December 2025

What is CVE-2025-68431?

The libheif library, which decodes the HEIF and AVIF file formats, is susceptible to a heap buffer over-read caused by a flaw in its handling of overlay image items. In versions prior to 1.21.0, a crafted HEIF image can cause the 'HeifPixelImage::overlay()' method to compute a negative row length. This error, likely caused by an invalid or unclipped overlay rectangle, underflows when the value is converted to 'size_t' for memory operations. As a result, the library attempts to read beyond the allocated memory, which can lead to crashes and unpredictable behavior during image decoding. To resolve this issue, upgrade to version 1.21.0 or later; as a temporary workaround, avoid using images with 'iovl' overlay boxes.
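
The bug class described above, as an added example that is not libheif's code: a signed row length that goes negative wraps to a huge value when passed as 'size_t', and clipping the overlay rectangle against the canvas before the copy prevents it. All function names, the 8-bit single-plane layout and the sample values are assumptions made for illustration, and the example takes the "unclipped overlay rectangle" cause the advisory calls likely as given.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers for illustration; not libheif source code. */

/* Signed row length: overlay columns that land on the canvas when the
   overlay's left edge is at dx. Zero or negative if none of them do. */
static int64_t signed_row_len(int32_t canvas_w, int32_t ov_w, int32_t dx)
{
    int64_t left  = dx < 0 ? 0 : dx;
    int64_t right = (int64_t)dx + ov_w;
    if (right > canvas_w) right = canvas_w;
    return right - left;
}

/* The flawed step: a signed length handed to a size_t parameter wraps. */
static size_t len_as_size_t(int64_t len) { return (size_t)len; }

/* Hardened blit of an 8-bit single-plane overlay (constructed layout).
   Returns rows copied; 0 when the rectangles do not intersect. */
static int32_t overlay_blit(uint8_t *canvas, int32_t cw, int32_t ch,
                            const uint8_t *ov, int32_t ow, int32_t oh,
                            int32_t dx, int32_t dy)
{
    if (!canvas || !ov || cw <= 0 || ch <= 0 || ow <= 0 || oh <= 0) return 0;
    int64_t x0 = dx < 0 ? 0 : dx, y0 = dy < 0 ? 0 : dy;
    int64_t x1 = (int64_t)dx + ow, y1 = (int64_t)dy + oh;
    if (x1 > cw) x1 = cw;
    if (y1 > ch) y1 = ch;
    if (x1 <= x0 || y1 <= y0) return 0;   /* empty or negative extent */
    size_t len = (size_t)(x1 - x0);       /* now in 1..cw */
    for (int64_t y = y0; y < y1; y++) {
        const uint8_t *src = ov + (size_t)(y - dy) * (size_t)ow + (size_t)(x0 - dx);
        memcpy(canvas + (size_t)y * (size_t)cw + (size_t)x0, src, len);
    }
    return (int32_t)(y1 - y0);
}

int main(void)
{
    uint8_t canvas[16] = {0}, ov[4] = {1, 2, 3, 4};   /* constructed sample */
    int64_t n = signed_row_len(4, 2, 6);              /* overlay off-canvas */
    printf("signed=%lld as size_t=%zu\n", (long long)n, len_as_size_t(n));
    printf("rows copied=%d\n", overlay_blit(canvas, 4, 4, ov, 2, 2, 6, 0));
    return 0;
}
```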

Affected Version(s)

libheif < 1.21.0

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved