Advisories ยป MGASA-2026-0247

Updated libheif packages fix security vulnerabilities

Publication date: 13 Jul 2026
Modification date: 13 Jul 2026
Type: security
Affected Mageia releases : 10
CVE: CVE-2026-32738 , CVE-2026-32739 , CVE-2026-32740 , CVE-2026-32741 , CVE-2026-32814 , CVE-2026-32882 , CVE-2026-3950 , CVE-2026-41069 , CVE-2026-41071 , CVE-2026-47178 , CVE-2026-49271

Description

libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk.
(CVE-2026-32738)
libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration
Lookup. (CVE-2026-32739)
Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing.
(CVE-2026-32740)
libheif has a heap buffer overflow in decode_mask_image().
(CVE-2026-32741)
Uninitialized Heap Memory Information Leak via Failed Grid Tiles.
(CVE-2026-32814)
Heap Buffer OOB Read in overlay compositing due to wrong alpha stride.
(CVE-2026-32882)
strukturag libheif stsz/stts track.cc load out-of-bounds.
(CVE-2026-3950)
libheif allows Out-of-bounds vector access leading to invalid
dereference (DoS). (CVE-2026-41069)
Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence
file with mismatched saiz sample count. (CVE-2026-41071)
A critical heap-based buffer overflow vulnerability exists in libheif
v1.21.2 (and likely earlier versions) within the handling of
uncompressed HEIF images (ISO/IEC 23001-17, unci item type). When
processing a tiled image with chroma subsampling (e.g., 4:2:0 or 4:2:2),
the library fails to scale spatial offsets for the chroma planes. This
leads to out-of-bounds memory writes when decoding any tile other than
the top-left one, potentially resulting in remote code execution.
(CVE-2026-47178)
Wrapped icef compressed-unit range check causes out-of-bounds read in
uncompressed HEIF decoder. (CVE-2026-49271)
                

References

SRPMS

10/core

10/tainted