
SUSE libheif Important Heap Buffer Overflow DoS Solved 2026-2622-1

suse
June 24, 2026
An update addressing 20 vulnerabilities in libheif with important security fixes is now available for SUSE systems.
An update that solves 20 vulnerabilities and has four security fixes can now be installed.

Summary

This update for libheif fixes the following issues:

Update to 1.23.0:

* CVE-2025-68431: heap buffer over-read in `HeifPixelImage::overlay()` via crafted HEIF that exercises the overlay image item (bsc#1255735).

* CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read (bsc#1259544).

* CVE-2026-32738: Heap OOB Read / SEGV Crash via Zero samples_per_chunk in stsc (bsc#1265874).

* CVE-2026-32739: Infinite Loop DoS in stts Sample Duration Lookup (bsc#1265875).

* CVE-2026-32740: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing (bsc#1265876).

* CVE-2026-32741: heap buffer overflow in decode_mask_image() (bsc#1265877).

* CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878).

References

* bsc#1255735

* bsc#1259544

* bsc#1265874

* bsc#1265875

* bsc#1265876

* bsc#1265877

* bsc#1265878

* bsc#1265879

* bsc#1265979

* bsc#1265980

* bsc#1265981

* bsc#1265982

* bsc#1265983

* bsc#1265987

* bsc#1265988

* bsc#1265989

* bsc#1265990

* bsc#1265992

* bsc#1265995

* bsc#1265996

* bsc#1265997

* bsc#1266281

* bsc#1266282

* bsc#1267455

Cross-References

* CVE-2025-68431

* CVE-2026-32738

* CVE-2026-32739

* CVE-2026-32740

* CVE-2026-32741

* CVE-2026-32814

* CVE-2026-32882

* CVE-2026-3949

* CVE-2026-3950

* CVE-2026-41069

* CVE-2026-41071

* CVE-2026-47178

* CVE-2026-47247

* CVE-2026-47251

* CVE-2026-47254

* CVE-2026-47709

* CVE-2026-47714

* CVE-2026-48029

* CVE-2026-49271

* CVE-2026-50142

CVSS scores:

* CVE-2025-68431 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Severity
important

Announcement ID: SUSE-SU-2026:2622-1
Release Date: 2026-06-24T11:55:37Z
Rating: important
