CVE-2025-29769

Name of the Vulnerable Software and Affected Versions libvips versions prior to 8.16.1

Description The issue arises from the heifsave operation in libvips, which can incorrectly determine the presence of an alpha channel in a "multiband" input. This can occur with a well-crafted TIFF image, leading to a heap buffer overflow when attempting to write 4 channels of data to a 3-channel HEIF image. This can cause the process to crash.

Recommendations For versions prior to 8.16.1, update to version 8.16.1 to resolve the issue. As a temporary workaround, consider avoiding the use of the heifsave operation with "multiband" TIFF input images until the update is applied.