Alerts This Week
Warning Icon 1 1,308
Alerts This Week
Warning Icon 1 1,308

SUSE openSUSE Leap 15.4 libheif Moderate Info Leak Attack SUSE-2026-2681-1

suse
Calendar Grey June 29, 2026
Dist Suse Esm H88
Update for libheif fixes two vulnerabilities including root symlink privilege escalation and a memory leak issue.
An update that solves two vulnerabilities can now be installed.

Summary

## This update for libheif fixes the following issues * CVE-2026-32282: os: Root.Chmod can follow symlinks out of the root on Linux (bsc#1261658). * CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2026-2681=1 ## Package List: * openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64) * libheif-devel-1.12.0-150400.3.20.1 * libheif-debugsource-1.12.0-150400.3.20.1 * gdk-pixbuf-loader-libheif-debuginfo-1.12.0-150400.3.20.1 * libheif1-debuginfo-1.12.0-150400.3.20.1

Topics%20covered

Topics Covered

security advisory moderate information leak SuSE symlink attack libheif

References

* bsc#1261658

* bsc#1265878

Cross-

* CVE-2026-32282

* CVE-2026-32814

CVSS scores:

* CVE-2026-32282 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-32282 ( NVD ): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-32814 ( SUSE ): 5.7

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

* CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

* CVE-2026-32814 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected Products:

* openSUSE Leap 15.4

An update that solves two vulnerabilities can now be installed.

##

* https://www.suse.com/security/cve/CVE-2026-32282.html

* https://www.suse.com/security/cve/CVE-2026-32814.html

Severity
moderate
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:2681-1
Release Date: 2026-06-29T13:27:52Z
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate information leak SuSE symlink attack libheif

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here