Explore top 10 tips to secure your open-source projects now. Read More
×
## This update for libheif fixes the following issues Update to 1.23.0: * CVE-2025-68431: heap buffer over-read in `HeifPixelImage: overlay()` via crafted HEIF that exercises the overlay image item (bsc#1255735). * CVE-2026-3949: manipulation of the argument size of a malicious frame can lead to out-of-bounds read (bsc#1259541). * CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of- bounds read (bsc#1259544). * CVE-2026-32738: Heap OOB Read / SEGV Crash via Zero samples_per_chunk in stsc (bsc#1265874). * CVE-2026-32739: Infinite Loop DoS in stts Sample Duration Lookup (bsc#1265875). * CVE-2026-32740: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing (bsc#1265876). * CVE-2026-32741: heap buffer overflow in decode_mask_image() (bsc#1265877).
* bsc#1255735
* bsc#1259541
* bsc#1259544
* bsc#1265874
* bsc#1265875
* bsc#1265876
* bsc#1265877
* bsc#1265878
* bsc#1265879
* bsc#1265979
* bsc#1265980
* bsc#1265981
* bsc#1265982
* bsc#1265983
* bsc#1265987
* bsc#1265988
* bsc#1265989
* bsc#1265990
* bsc#1265992
* bsc#1265995
* bsc#1265996
* bsc#1265997
* bsc#1266281
* bsc#1266282
* bsc#1267455
Cross-
* CVE-2025-68431
* CVE-2026-32738
* CVE-2026-32739
* CVE-2026-32740
* CVE-2026-32741
* CVE-2026-32814
* CVE-2026-32882
* CVE-2026-3949
* CVE-2026-3950
* CVE-2026-41069
* CVE-2026-41071
* CVE-2026-47178
* CVE-2026-47247
* CVE-2026-47251
* CVE-2026-47254
* CVE-2026-47709
* CVE-2026-47714
* CVE-2026-48029
* CVE-2026-49271
* CVE-2026-50142
CVSS scores:
* CVE-2025-68431 ( SUSE ): 6.8
Get the latest Linux and open source security news straight to your inbox.