Amazon Linux 2023 : heif-pixbuf-loader, libheif, libheif-devel (ALAS2023-2026-1509)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1509 advisory. A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a...

SUSE CVE-2026-3949

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the vvdecpushdata2 function of the HEIF File Parser component. An attacker can cause an out-of-bounds read by manipulating the size argument during local exploitation. Remediation A fix was pushed into the master...

CVE-2026-3949

CVE-2026-3949 — libheif (up to 1.21.2) has a vulnerability in the HEIF File Parser component. The issue is in the function vvdec_push_data2 (libheif/plugins/decoder_vvdec.cc), where manipulating the argument size can cause an out-of-bounds read . The vulnerability requires local access to exploit...

PT-2026-24787

Name of the Vulnerable Software and Affected Versions strukturag libheif versions up to 1.21.2 Description A flaw exists in strukturag libheif that allows for an out-of-bounds read. The issue resides in the vvdec push data2 function within the libheif/plugins/decoder vvdec.cc file of the HEIF Fil...