CNNVD-202512-4930 Information

CNNVD ID

CNNVD-202512-4930

CVE-2025-68431

  • CNNVD Published: 2025-12-29

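Description (translated from Chinese)

libheif is an open-source ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur. Versions of libheif before 1.21.0 contain an input validation error vulnerability. The vulnerability stems from a specially crafted HEIF file triggering a heap buffer over-read, which may lead to a crash.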

Description (English)

libheif is an open-source ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur. Versions of libheif before 1.21.0 have an input validation error vulnerability: a specially crafted HEIF file triggers a buffer over-read, which could lead to a crash.

Hazard Level

High

Vulnerability Type

Input validation error

Affected Vendor

struktur

Published

2025-12-29

Last Modified

2026-02-24

References

  • https://github.com/strukturag/libheif/commit/b8c12a7b70f46c9516711a988483bed377b78d46
  • https://github.com/strukturag/libheif/releases/tag/v1.21.0
  • https://github.com/strukturag/libheif/security/advisories/GHSA-j87x-4gmq-cqfq

Patch

https://github.com/strukturag/libheif/releases
