8 matches found
Astra Linux – Vulnerability in libheif
libheif is a decoder and encoder for HEIF and AVIF file formats. In versions 1.21.2 and earlier, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track’s chunk table could cause a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader...
JLSEC-2026-574
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
PT-2026-49257
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
CVE-2026-41071
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow out-of-bounds read in the SampleAuxInfoReader constructor. T...
PT-2026-42834
Name of the Vulnerable Software and Affected Versions libheif versions prior to 1.22.0 Description A heap-buffer-overflow out-of-bounds read occurs in the SampleAuxInfoReader constructor when parsing a crafted HEIF sequence file. The issue arises because the constructor iterates over the number o...
Linux Distros Unpatched Vulnerability : CVE-2026-32739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in...
Infinite loop
Overview Affected versions of this package are vulnerable to Infinite loop in the getsampleduration function. An attacker can cause the application to enter an infinite loop and consume excessive CPU resources by providing a specially crafted HEIF file during file parsing. Remediation A fix was...
CVE-2026-32739 libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...