Description

libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't many ways to create a "multiband" input, but it is possible with a well-crafted TIFF image. If a "multiband" TIFF input image had 4 channels and HEIF-based output was requested, this led to libvips creating a 3 channel HEIF image without an alpha channel but then attempting to write 4 channels of data. This caused a heap buffer overflow, which could crash the process. This vulnerability is fixed in 8.16.1.

INFO

Published Date :

2025-04-07T20:09:30.971Z

Last Modified :

2025-04-30T22:03:02.869Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-29769 vulnerability.

Vendors Products
Debian
  • Debian Linux
Libvips
  • Libvips
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-29769.

URL Resource
https://github.com/libvips/libvips/commit/9ab6784f693de50b00fa535b9efbbe9d2cbf71f2 cve-icon cve-icon
https://github.com/libvips/libvips/pull/4392 cve-icon cve-icon
https://github.com/libvips/libvips/pull/4394 cve-icon cve-icon
https://github.com/libvips/libvips/security/advisories/GHSA-f8r8-43hh-rghm cve-icon cve-icon
https://issues.oss-fuzz.com/issues/396460413 cve-icon cve-icon
https://lists.debian.org/debian-lts-announce/2025/04/msg00044.html cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact