security update

libheif-CVE-2025-68431.patch

@@ -0,0 +1,23 @@
+From b8c12a7b70f46c9516711a988483bed377b78d46 Mon Sep 17 00:00:00 2001
+From: Dirk Farin <dirk.farin@gmail.com>
+Date: Tue, 11 Nov 2025 19:47:50 +0100
+Subject: [PATCH] fix wrong copy width in overlay images (thanks to Aldo
+ Ristori for reporting this)
+
+---
+ libheif/pixelimage.cc | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: libheif-1.19.7/libheif/pixelimage.cc
+===================================================================
+--- libheif-1.19.7.orig/libheif/pixelimage.cc
++++ libheif-1.19.7/libheif/pixelimage.cc
+@@ -1295,7 +1295,7 @@ Error HeifPixelImage::overlay(std::share
+       if (!has_alpha) {
+         memcpy(out_p + out_x0 + (out_y0 + y - in_y0) * out_stride,
+                in_p + in_x0 + y * in_stride,
+-               in_w - in_x0);
++               in_w);
+       }
+       else {
+         for (uint32_t x = in_x0; x < in_w; x++) {

libheif.changes

@@ -1,3 +1,11 @@
+-------------------------------------------------------------------
+Tue Jan  6 10:11:07 UTC 2026 - Petr Gajdos <pgajdos@suse.com>
+
+- security update
+- added patches
+  CVE-2025-68431 [bsc#1255735], heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item
+  * libheif-CVE-2025-68431.patch
+
 -------------------------------------------------------------------
 Mon Mar  3 18:28:54 UTC 2025 - Arjen de Korte <suse+build@de-korte.org>
 

libheif.spec

@@ -52,6 +52,8 @@ Group:          Productivity/Graphics/Other
 URL:            https://github.com/strukturag/libheif
 Source0:        %{url}/releases/download/v%{version}/libheif-%{version}.tar.gz
 Source99:       baselibs.conf
+# CVE-2025-68431 [bsc#1255735], heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item
+Patch0:        libheif-CVE-2025-68431.patch
 BuildRequires:  chrpath
 BuildRequires:  cmake >= 3.25
 BuildRequires:  fdupes