Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 443
Alerts This Week
Warning Icon 1 443

Mageia libheif Important Buffer Overflow DoS Vulnerability 2026-0247

mageia
Calendar Grey July 13, 2026
Dist Mageia Esm H88
libheif faces multiple security issues leading to potential remote code execution, requiring urgent updates for Mageia users.
Security update

Summary

Description: libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk. (CVE-2026-32738) libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup. (CVE-2026-32739) Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing. (CVE-2026-32740) libheif has a heap buffer overflow in decode_mask_image(). (CVE-2026-32741) Uninitialized Heap Memory Information Leak via Failed Grid Tiles. (CVE-2026-32814) Heap Buffer OOB Read in overlay compositing due to wrong alpha stride. (CVE-2026-32882) strukturag libheif stsz/stts track.cc load out-of-bounds. (CVE-2026-3950) libheif allows Out-of-bounds vector access leading to invalid dereference (DoS). (CVE-2026-41069) Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count. (CVE-2026-41071) A critical heap-based buffer overflow vulnerability exists in libheif v1.21.2 (and likely earlier versions) within the handling of uncompressed HEIF images (ISO/IEC 23001-17, unci ite...

References

- https://bugs.mageia.org/show_bug.cgi?id=35729

- https://ubuntu.com/security/notices/USN-8454-1

- https://ubuntu.com/security/notices/USN-8479-1

- https://www.cve.org/CVERecord?id=CVE-2026-32738

- https://www.cve.org/CVERecord?id=CVE-2026-32739

- https://www.cve.org/CVERecord?id=CVE-2026-32740

- https://www.cve.org/CVERecord?id=CVE-2026-32741

- https://www.cve.org/CVERecord?id=CVE-2026-32814

- https://www.cve.org/CVERecord?id=CVE-2026-32882

- https://www.cve.org/CVERecord?id=CVE-2026-3950

- https://www.cve.org/CVERecord?id=CVE-2026-41069

- https://www.cve.org/CVERecord?id=CVE-2026-41071

- https://www.cve.org/CVERecord?id=CVE-2026-47178

- https://www.cve.org/CVERecord?id=CVE-2026-49271

Resolution

SRPMS

- 10/core/libheif-1.20.2-3.1.mga10

- 10/tainted/libheif-1.20.2-3.1.mga10.tainted

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 13 Jul 2026 
URL: https://advisories.mageia.org/MGASA-2026-0247.html
Type: security
CVE: CVE-2026-32738, CVE-2026-32739, CVE-2026-32740, CVE-2026-32741, CVE-2026-32814, CVE-2026-32882, CVE-2026-3950, CVE-2026-41069, CVE-2026-41071, CVE-2026-47178, CVE-2026-49271

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.