CVE-2025-68431

6.5 MEDIUM

📋 TL;DR

CVE-2025-68431 is a heap buffer over-read vulnerability in libheif's overlay image processing. Attackers can craft malicious HEIF files to trigger memory corruption, potentially causing crashes or information disclosure. Any application using vulnerable libheif versions to decode HEIF/AVIF files is affected.

💻 Affected Systems

Products:
  • libheif
  • Any software using libheif library
Versions: All versions prior to 1.21.0
Operating Systems: All platforms where libheif is installed
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability triggers when processing HEIF files that contain overlay ('iovl') derived-image items. Applications must actually decode such files to be affected.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution through memory corruption, though this requires specific heap manipulation and is less likely given the over-read nature of the bug.

🟠 Likely Case: Application crash (denial of service) or information disclosure of adjacent heap contents.

🟢 If Mitigated: Controlled crash with no data loss if proper sandboxing and memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Web applications processing user-uploaded HEIF/AVIF files could be exploited, but requires specific file processing.
🏢 Internal Only: LOW - Requires users to open malicious files, which is less likely in controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious HEIF file with specific overlay parameters. No public exploit code is known at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.21.0

Vendor Advisory: https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq

Restart Required: Yes

Instructions:

1. Update libheif to version 1.21.0 or later.
2. Rebuild any applications statically linked to libheif.
3. Restart affected services using libheif.

🔧 Temporary Workarounds

Disable overlay processing (platforms: all): configure applications to avoid decoding images that contain 'iovl' overlay items. Application-specific configuration required.

🧯 If You Can't Patch

  • Implement strict file upload validation to reject HEIF/AVIF files from untrusted sources
  • Run libheif in sandboxed environments with memory protection features enabled
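As an added example (not code from the advisory or from the libheif project), the upload validation above can be made concrete with a pre-decode filter that walks the HEIF box structure and flags files carrying an 'iovl' item in meta/iinf, so overlay images can be rejected before they reach an unpatched decoder. Box layouts follow ISOBMFF / ISO/IEC 23008-12; the sample file is constructed inline.

```python
import struct
def iter_boxes(data, pos, end):
    """Yield (type, body_start, body_end) for each ISOBMFF box in data[pos:end]."""
    while pos + 8 <= end:
        size, btype = struct.unpack_from(">I4s", data, pos)
        hdr = 8
        if size == 1:                       # 64-bit "largesize" follows the 8-byte header
            size, hdr = struct.unpack_from(">Q", data, pos + 8)[0], 16
        elif size == 0:                     # box extends to the end of its parent
            size = end - pos
        if size < hdr or pos + size > end:  # truncated or oversized box: stop, do not guess
            raise ValueError("malformed box at offset %d" % pos)
        yield btype, pos + hdr, pos + size
        pos += size

def heif_item_types(data):
    """Return [(item_id, item_type), ...] from the meta/iinf/infe entries."""
    items = []
    for btype, body, end in iter_boxes(data, 0, len(data)):
        if btype != b"meta":
            continue
        for ctype, cbody, cend in iter_boxes(data, body + 4, end):  # meta is a FullBox
            if ctype != b"iinf":
                continue
            count_size = 2 if data[cbody] == 0 else 4  # entry_count width depends on version
            for etype, ebody, _ in iter_boxes(data, cbody + 4 + count_size, cend):
                if etype != b"infe":
                    continue
                if data[ebody] == 2:    # v2: 16-bit item_ID, 16-bit protection index, item_type
                    item_id, item_type = struct.unpack_from(">H", data, ebody + 4)[0], data[ebody + 8:ebody + 12]
                elif data[ebody] == 3:  # v3: 32-bit item_ID, then the same fields
                    item_id, item_type = struct.unpack_from(">I", data, ebody + 4)[0], data[ebody + 10:ebody + 14]
                else:                   # infe v0/v1 carry no item_type, so they cannot be 'iovl'
                    continue
                items.append((item_id, item_type.decode("ascii", "replace")))
    return items

def has_overlay(data):
    """True when any item is an 'iovl' overlay: reject such uploads while libheif < 1.21.0."""
    return any(t == "iovl" for _, t in heif_item_types(data))
# Constructed sample builder (not a real capture): a minimal HEIF skeleton with the given item types.
def _box(btype, payload):
    return struct.pack(">I4s", 8 + len(payload), btype) + payload
def _fullbox(btype, version, payload):  # FullBox = Box + version(1) + flags(3)
    return _box(btype, bytes([version, 0, 0, 0]) + payload)
def build_sample(item_types):
    infes = b"".join(_fullbox(b"infe", 2, struct.pack(">HH4s", i + 1, 0, t) + b"\x00")
                     for i, t in enumerate(item_types))
    iinf = _fullbox(b"iinf", 0, struct.pack(">H", len(item_types)) + infes)
    return _box(b"ftyp", b"heic\x00\x00\x00\x00mif1heic") + _fullbox(b"meta", 0, iinf)
```

A truncated or oversized box raises ValueError rather than being skipped, so a filter built on this should treat a parse failure the same as a positive match.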

🔍 How to Verify

Check if Vulnerable:

Check the installed libheif version: `pkg-config --modversion libheif` or `ldconfig -p | grep libheif`

Check Version:

pkg-config --modversion libheif 2>/dev/null || echo 'libheif not found'

Verify Fix Applied:

Confirm the version is 1.21.0 or higher (a plain substring grep is not a version comparison; this uses GNU `sort -V`): `v=$(pkg-config --modversion libheif) && [ "$(printf '%s\n' 1.21.0 "$v" | sort -V | head -n1)" = 1.21.0 ] && echo 'fixed' || echo 'vulnerable or unknown'`

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing HEIF/AVIF files
  • Segmentation faults in libheif-related processes

Network Indicators:

  • Unusual HEIF/AVIF file uploads to web applications

SIEM Query:

Process:libheif AND (EventID:1000 OR Signal:SIGSEGV)
