29 matches found

Vulnrichment
added 2026/05/22 8:59 p.m. | 9 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1 CVSS | 5.7 AI score | 0.00338 EPSS
Exploits: 1 | References: 2

CVE
added 2026/05/22 8:59 p.m. | 68 views

CVE-2026-41071

CVE-2026-41071 affects libheif up to version 1.21.2. A crafted HEIF sequence file where the saiz box declares more samples than actually exist can trigger a heap‑buffer‑overflow (out‑of‑bounds read) in the SampleAuxInfoReader constructor when parsing via heif_context_read_from_file. The reader it...

8.1 CVSS | 5.8 AI score | 0.00338 EPSS
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2026/05/22 8:59 p.m. | 8 views

CVE-2026-41071 libheif: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...

5.1 CVSS | 0.00338 EPSS
Exploits: 1 | References: 2

SUSE CVE
added 2026/05/21 2:29 a.m. | 10 views

SUSE CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5 CVSS | 5.7 AI score | 0.00293 EPSS
Exploits: 1 | References: 3

SUSE CVE
added 2026/05/21 2:29 a.m. | 11 views

SUSE CVE-2026-32741

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decodemaskimage. When decoding a HEIF file containing a mask image mski, the function copies the full iloc extent data into a pixel buffer using memcpydst,...

6.1 CVSS | 5.9 AI score | 0.0027 EPSS
Exploits: 0 | References: 3

OSV
added 2026/05/19 8:16 p.m. | 3 views

ALPINE-CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5 CVSS | 5.2 AI score | 0.00311 EPSS
Exploits: 1 | References: 1

UbuntuCve
added 2026/05/19 7:16 p.m. | 5 views

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

6.5 CVSS | 5.7 AI score | 0.00293 EPSS
Exploits: 1 | References: 2

EUVD
added 2026/05/19 7:10 p.m. | 8 views

EUVD-2026-30975

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

6.5 CVSS | 5.7 AI score | 0.00311 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/04/01 12:0 a.m. | 3 views

Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1509)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1509 advisory. A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a...

4.8 CVSS | 5.3 AI score | 0.00117 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2026/03/12 2:4 p.m. | 0 views

SUSE CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

3.3 CVSS | 5.2 AI score | 0.00117 EPSS
Exploits: 0 | References: 3

Snyk
added 2026/03/11 8:42 p.m. | 12 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the vvdec_push_data2 function of the HEIF File Parser component. An attacker can cause an out-of-bounds read by manipulating the size argument during local exploitation. Remediation: A fix was pushed into the master...

4.8 CVSS | 5.8 AI score | 0.00117 EPSS
Exploits: 0 | References: 2

CVE
added 2026/03/11 6:32 p.m. | 17 views

CVE-2026-3949

CVE-2026-3949 — libheif (up to 1.21.2) has a vulnerability in the HEIF File Parser component. The issue is in the function vvdec_push_data2 (libheif/plugins/decoder_vvdec.cc), where manipulating the argument size can cause an out-of-bounds read. The vulnerability requires local access to exploit...

4.8 CVSS | 5.3 AI score | 0.00117 EPSS
Exploits: 0 | References: 8

Positive Technologies
added 2026/03/11 12:0 a.m. | 5 views

PT-2026-24787

Name of the Vulnerable Software and Affected Versions: strukturag libheif versions up to 1.21.2. Description: A flaw exists in strukturag libheif that allows for an out-of-bounds read. The issue resides in the vvdec_push_data2 function within the libheif/plugins/decoder_vvdec.cc file of the HEIF Fil...

4.8 CVSS | 5.6 AI score | 0.00117 EPSS
Exploits: 0 | References: 18

Tenable Nessus
added 2026/01/26 12:0 a.m. | 4 views

openSUSE 16 Security Update : libheif (openSUSE-SU-2026:20076-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2026:20076-1 advisory. - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735. Tenable...

7.1 CVSS | 6.1 AI score | 0.00267 EPSS
Exploits: 1 | References: 3

OSV
added 2026/01/22 11:0 a.m. | 1 views

OPENSUSE-SU-2026:20076-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1 CVSS | 6 AI score | 0.00267 EPSS
Exploits: 1 | References: 2

OSV
added 2026/01/22 10:59 a.m. | 3 views

SUSE-SU-2026:20121-1 Security update for libheif

This update for libheif fixes the following issues: - CVE-2025-68431: heap buffer over-read in HeifPixelImage::overlay via crafted HEIF file that exercises the overlay image item path bsc1255735...

7.1 CVSS | 5.9 AI score | 0.00267 EPSS
Exploits: 1 | References: 3

CERT
added 2026/01/20 12:0 a.m. | 11 views

Libheif uncompressed codec lacks bounds check leading to application crash

Overview: An out-of-bounds memory access vulnerability exists in the uncompressed decoder component of libheif. A maliciously crafted HEIF image can trigger a denial-of-service condition by causing the libheif library to crash or exhibit other unexpected behavior due to an out-of-bounds memory...

6.3 AI score
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2020-15863

Malware in sbrugna...

8.1 CVSS | 8.2 AI score | 0.01245 EPSS
Exploits: 1 | References: 4

Tenable Nessus
added 2025/08/30 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2020-23109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and...

8.1 CVSS | 7.6 AI score | 0.01245 EPSS
Exploits: 1 | References: 2

Fedora
added 2025/02/15 2:37 a.m. | 12 views

[SECURITY] Fedora 41 Update: libheif-1.19.5-3.fc41

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...

8.1 CVSS | 7 AI score | 0.00825 EPSS
Exploits: 1