Explore top 10 tips to secure your open-source projects now. Read More
×
Description: libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk. (CVE-2026-32738) libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup. (CVE-2026-32739) Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing. (CVE-2026-32740) libheif has a heap buffer overflow in decode_mask_image(). (CVE-2026-32741) Uninitialized Heap Memory Information Leak via Failed Grid Tiles. (CVE-2026-32814) Heap Buffer OOB Read in overlay compositing due to wrong alpha stride. (CVE-2026-32882) strukturag libheif stsz/stts track.cc load out-of-bounds. (CVE-2026-3950) libheif allows Out-of-bounds vector access leading to invalid dereference (DoS). (CVE-2026-41069) Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count. (CVE-2026-41071) A critical heap-based buffer overflow vulnerability exists in libheif v1.21.2 (and likely earlier versions) within the handling of uncompressed HEIF images (ISO/IEC 23001-17, unci ite...
- https://bugs.mageia.org/show_bug.cgi?id=35729
- https://ubuntu.com/security/notices/USN-8454-1
- https://ubuntu.com/security/notices/USN-8479-1
- https://www.cve.org/CVERecord?id=CVE-2026-32738
- https://www.cve.org/CVERecord?id=CVE-2026-32739
- https://www.cve.org/CVERecord?id=CVE-2026-32740
- https://www.cve.org/CVERecord?id=CVE-2026-32741
- https://www.cve.org/CVERecord?id=CVE-2026-32814
- https://www.cve.org/CVERecord?id=CVE-2026-32882
- https://www.cve.org/CVERecord?id=CVE-2026-3950
- https://www.cve.org/CVERecord?id=CVE-2026-41069
- https://www.cve.org/CVERecord?id=CVE-2026-41071
- https://www.cve.org/CVERecord?id=CVE-2026-47178
- https://www.cve.org/CVERecord?id=CVE-2026-49271
- 10/core/libheif-1.20.2-3.1.mga10
- 10/tainted/libheif-1.20.2-3.1.mga10.tainted
Publication date:13 Jul 2026
Get the latest Linux and open source security news straight to your inbox.