SUSE-SU-2026:0087-1

Published: 09 Jan 2026
Source: suse-cvrf

Description

Security update for libheif

This update for libheif fixes the following issues:

  • CVE-2025-68431: Fixed heap buffer over-read in HeifPixelImage::overlay() via crafted HEIF that exercises the overlay image item (bsc#1255735)

Package list

SUSE Linux Enterprise Module for Desktop Applications 15 SP7
libheif1-1.19.5-150700.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP7
gdk-pixbuf-loader-libheif-1.19.5-150700.3.3.1
libheif-devel-1.19.5-150700.3.3.1

Description

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped overlay rectangle or invalid offsets), which then underflows when converted to `size_t` and is passed to `memcpy`, causing a very large read past the end of the source plane and a crash. Version 1.21.0 contains a patch. As a workaround, avoid decoding images using `iovl` overlay boxes.
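
The arithmetic described above, as an added example: a simplified model written for this page, not libheif's code. It shows how a signed row length from an unclipped overlay offset turns into a huge `memcpy` length, next to a plane copy that clips the rectangle on all four sides first. The function names, the tightly packed 8-bit plane layout and the 4x4/2x2 sample are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration, not libheif source. Planes are assumed to be 8-bit
   and tightly packed (stride == width); all names are hypothetical. */

/* Simplified model of the flaw: only the right edge is clipped, so an
   x offset beyond the canvas makes the signed row length negative. */
int row_len_unclipped(int dst_w, int src_w, int dx)
{
    int len = src_w;
    if (dx + len > dst_w) len = dst_w - dx;
    return len;
}

/* What memcpy would receive: the implicit int -> size_t conversion. */
size_t as_memcpy_len(int len) { return (size_t)len; }

/* Hardened copy of one plane. The overlay rectangle is intersected with
   the canvas on all four sides in signed 64-bit arithmetic, and an empty
   intersection returns before any length becomes a size_t. */
size_t overlay_plane_clipped(uint8_t *dst, int dst_w, int dst_h,
                             const uint8_t *src, int src_w, int src_h,
                             int dx, int dy)
{
    if (dst_w <= 0 || dst_h <= 0 || src_w <= 0 || src_h <= 0) return 0;
    int64_t x0 = dx > 0 ? dx : 0, y0 = dy > 0 ? dy : 0;
    int64_t x1 = (int64_t)dx + src_w, y1 = (int64_t)dy + src_h;
    if (x1 > dst_w) x1 = dst_w;
    if (y1 > dst_h) y1 = dst_h;
    if (x1 <= x0 || y1 <= y0) return 0;          /* nothing overlaps */
    size_t len = (size_t)(x1 - x0), copied = 0;  /* proven positive */
    for (int64_t y = y0; y < y1; y++) {
        const uint8_t *s = src + (size_t)(y - dy) * (size_t)src_w + (size_t)(x0 - dx);
        memcpy(dst + (size_t)y * (size_t)dst_w + (size_t)x0, s, len);
        copied += len;
    }
    return copied;
}

/* Constructed sample: 2x2 overlay onto a 4x4 canvas at (dx, dy). */
size_t demo_copy(int dx, int dy)
{
    uint8_t canvas[16] = {0};
    const uint8_t overlay[4] = {1, 2, 3, 4};
    return overlay_plane_clipped(canvas, 4, 4, overlay, 2, 2, dx, dy);
}
```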


Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP7:libheif1-1.19.5-150700.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:gdk-pixbuf-loader-libheif-1.19.5-150700.3.3.1
SUSE Linux Enterprise Module for Package Hub 15 SP7:libheif-devel-1.19.5-150700.3.3.1

References