10 matches found
CVE-2026-49271
A flaw was found in libheif, a decoder and encoder for HEIF and AVIF file formats. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF file. The uncompressed HEIF decoder's validation of icef compressed-unit offsets can experience an integer wrap-around. This...
Linux Distros Unpatched Vulnerability : CVE-2026-49271
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offse...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the uncompressed HEIF decoder process. An attacker can cause a crash by supplying a crafted HEIF file that manipulates compressed-unit offsets to trigger an out-of-bounds heap read. Remediation A fix was pushed int...
USN-8454-1: libheif vulnerabilities
Elhanan Haenel discovered that libheif incorrectly handled certain malformed HEIF sequence files. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS. CVE-2026-32738 Elhanan Haenel discovered that libheif incorrectly...
EUVD-2026-31501
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
Out-of-bounds Read
Overview Affected versions of this package are vulnerable to Out-of-bounds Read in the Chunk process when handling files with a samplesperchunk value of zero. An attacker can cause a segmentation fault and denial of service by providing a specially crafted HEIF file that triggers an unsigned...
CVE-2026-32739
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...
libheif 输入验证错误漏洞
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder from struktur open source. An input validation error vulnerability exists in versions prior to libheif 1.21.0, which stems from a specially crafted HEIF file triggering an over-read of the heap buffer, which may result in a...
libheif buffer overflow vulnerability
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.6.2 contains a buffer overflow vulnerability in the convertcolorspace function in heifcolorconversion.cc. An attacker can exploit this vulnerability to cause a denial of service and disclose sensitive...
libheif 缓冲区错误漏洞
libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.6.2 contains a buffer overflow vulnerability in the convertcolorspace function in heifcolorconversion.cc. An attacker can exploit this vulnerability to cause a denial of service and disclose sensitive...