Explore top 10 tips to secure your open-source projects now. Read More
×
Several security issues were fixed in libheif.
Software Description:
- libheif: An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder
Details:
Xianrui Dong discovered that libheif had an out-of-bounds read in its
HEIF sequence track parser. An attacker could possibly use this issue
to cause a denial of service or obtain sensitive information. This issue
only affected Ubuntu 26.04 LTS. (CVE-2026-47254)
Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)
Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)
Ariel Koren discovered that libheif had an integer underflow in its
grid image tile coordinate transform. An attacker could possibly use
this issue t...
The problem can be corrected by updating your system to the following package versions: Ubuntu 26.04 LTS heif-gdk-pixbuf 1.21.2-3ubuntu0.3 heif-thumbnailer 1.21.2-3ubuntu0.3 heif-view 1.21.2-3ubuntu0.3 libheif-dev 1.21.2-3ubuntu0.3 libheif-examples 1.21.2-3ubuntu0.3 libheif-plugin-aomdec 1.21.2-3ubuntu0.3 libheif-plugin-aomenc 1.21.2-3ubuntu0.3 libheif-plugin-dav1d 1.21.2-3ubuntu0.3 libheif-plugin-ffmpegdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kdec 1.21.2-3ubuntu0.3 libheif-plugin-j2kenc 1.21.2-3ubuntu0.3 libheif-plugin-jpegdec 1.21.2-3ubuntu0.3 libheif-plugin-jpegenc 1.21.2-3ubuntu0.3 libheif-plugin-kvazaar 1.21.2-3ubuntu0.3 libheif-plugin-libde265 1.21.2-3ubuntu0.3 libheif-plugin-rav1e 1.21.2-3ubuntu0.3 libheif-plugin-svtenc 1.21.2-3ubuntu0.3 libheif-plugin-x265 1.21.2-3ubuntu0.3 libheif-plugins-all 1.21.2-3ubuntu0.3 libheif1 1.21.2-3ubuntu0.3 Ubuntu 25.10 heif-gdk-pixbuf 1.20.2-1ubuntu0.6 heif-thumbnailer 1.20.2-1ubuntu0.6 heif-view 1.20.2-1ubuntu0.6 libheif-dev 1.20.2-1ubuntu0.6 libheif-examples 1.20.2-1ubuntu0.6 libheif-plugin-aomdec 1.20.2-1ubuntu0.6 libheif-plugin-aomenc 1.20.2-1ubuntu0.6 libheif-plugin-dav1d 1.20.2-1ubuntu0.6 libheif-plugin-ffmpegdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kdec 1.20.2-1ubuntu0.6 libheif-plugin-j2kenc 1.20.2-1ubuntu0.6 libheif-plugin-jpegdec 1.20.2-1ubuntu0.6 libheif-plugin-jpegenc 1.20.2-1ubuntu0.6 libheif-plugin-kvazaar 1.20.2-1ubuntu0.6 libheif-plugin-libde265 1.20.2-1ubuntu0.6 libheif-plugin-rav1e 1.20.2-1ubuntu0.6 libheif-plugin-svtenc 1.20.2-1ubuntu0.6 libheif-plugin-x265 1.20.2-1ubuntu0.6 libheif-plugins-all 1.20.2-1ubuntu0.6 libheif1 1.20.2-1ubuntu0.6 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-8526-1
CVE-2026-47254, CVE-2026-47709, CVE-2026-47714, CVE-2026-48029,
CVE-2026-50142
Get the latest Linux and open source security news straight to your inbox.