4 matches found
PT-2026-49255
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow write vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by craftin...
Linux Distros Unpatched Vulnerability : CVE-2026-32814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false the default,...
Use of Uninitialized Resource
Overview Affected versions of this package are vulnerable to Use of Uninitialized Resource in the decoding process of grid-based HEIF or AVIF images when a corrupted tile fails to decode and the library returns a success status, resulting in uninitialized heap memory being exposed as pixel data. ...
PT-2026-42006
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description When decoding a HEIF grid image with strict decoding set to false the default, a corrupted tile may fail to decode silently. The library returns heif error Ok without indicating failure, resulting i...