Updated libheif packages fix security vulnerabilities
Publication date: 13 Jul 2026Modification date: 13 Jul 2026
Type: security
Affected Mageia releases : 10
CVE: CVE-2026-32738 , CVE-2026-32739 , CVE-2026-32740 , CVE-2026-32741 , CVE-2026-32814 , CVE-2026-32882 , CVE-2026-3950 , CVE-2026-41069 , CVE-2026-41071 , CVE-2026-47178 , CVE-2026-49271
Description
libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk.
(CVE-2026-32738)
libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration
Lookup. (CVE-2026-32739)
Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing.
(CVE-2026-32740)
libheif has a heap buffer overflow in decode_mask_image().
(CVE-2026-32741)
Uninitialized Heap Memory Information Leak via Failed Grid Tiles.
(CVE-2026-32814)
Heap Buffer OOB Read in overlay compositing due to wrong alpha stride.
(CVE-2026-32882)
strukturag libheif stsz/stts track.cc load out-of-bounds.
(CVE-2026-3950)
libheif allows Out-of-bounds vector access leading to invalid
dereference (DoS). (CVE-2026-41069)
Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence
file with mismatched saiz sample count. (CVE-2026-41071)
A critical heap-based buffer overflow vulnerability exists in libheif
v1.21.2 (and likely earlier versions) within the handling of
uncompressed HEIF images (ISO/IEC 23001-17, unci item type). When
processing a tiled image with chroma subsampling (e.g., 4:2:0 or 4:2:2),
the library fails to scale spatial offsets for the chroma planes. This
leads to out-of-bounds memory writes when decoding any tile other than
the top-left one, potentially resulting in remote code execution.
(CVE-2026-47178)
Wrapped icef compressed-unit range check causes out-of-bounds read in
uncompressed HEIF decoder. (CVE-2026-49271)
References
- https://bugs.mageia.org/show_bug.cgi?id=35729
- https://ubuntu.com/security/notices/USN-8454-1
- https://ubuntu.com/security/notices/USN-8479-1
- https://www.cve.org/CVERecord?id=CVE-2026-32738
- https://www.cve.org/CVERecord?id=CVE-2026-32739
- https://www.cve.org/CVERecord?id=CVE-2026-32740
- https://www.cve.org/CVERecord?id=CVE-2026-32741
- https://www.cve.org/CVERecord?id=CVE-2026-32814
- https://www.cve.org/CVERecord?id=CVE-2026-32882
- https://www.cve.org/CVERecord?id=CVE-2026-3950
- https://www.cve.org/CVERecord?id=CVE-2026-41069
- https://www.cve.org/CVERecord?id=CVE-2026-41071
- https://www.cve.org/CVERecord?id=CVE-2026-47178
- https://www.cve.org/CVERecord?id=CVE-2026-49271
SRPMS
10/core
- libheif-1.20.2-3.1.mga10
10/tainted
- libheif-1.20.2-3.1.mga10.tainted