CVE-2026-32814
Description
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leading to an uninitialized heap memory information leak. The canvas is allocated via create_clone_image_at_new_size() → plane.alloc() → new (std::nothrow) uint8_t[allocation_size] which does not zero the memory; only the alpha plane is explicitly initialized via fill_plane(), so the Y, Cb, and Cr planes contain whatever was previously at that heap address. The failed tile's region of the canvas is never written. It retains uninitialized heap data that is delivered to the caller as decoded pixel values (4,096 bytes per Y/Cb/Cr plane = 12,288+ bytes total). Any application using libheif to decode grid-based HEIF/AVIF files with default settings is vulnerable: a crafted .heic or .avif file causes 4,096+ bytes of heap memory to appear as pixel values in the decoded image, and the calling application receives heif_error_Ok, so it has no indication the output contains heap garbage. In server-side image processing, an uploaded crafted HEIF decoded and re-encoded (e.g., as PNG/JPEG for thumbnails, CDN, social media) can leak cross-user data such as auth tokens, database results, and other users' image data. This issue has been fixed in version 1.22.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
libheif ≤1.21.2 leaks up to 12,288+ bytes of uninitialized heap memory via corrupted HEIF/AVIF grid tiles when strict_decoding is off, exposing cross-user data in server-side processing.
Vulnerability
In libheif versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure [1]. The canvas is allocated via create_clone_image_at_new_size() → plane.alloc() → new (std::nothrow) uint8_t[allocation_size] which does not zero the memory; only the alpha plane is explicitly initialized via fill_plane(), so the Y, Cb, and Cr planes retain whatever heap data was previously at that address [1]. The failed tile's region of the canvas is never written, delivering uninitialized heap data (4,096 bytes per Y/Cb/Cr plane, totaling 12,288+ bytes) to the caller as decoded pixel values [1]. Affected versions: all up to and including 1.21.2.
Exploitation
An attacker with the ability to deliver a crafted .heic or .avif file to an application using libheif can trigger the leak [1]. No authentication or special network position is required if the file is uploaded to a server that decodes it. The attacker constructs a HEIF/AVIF grid image where at least one tile is deliberately corrupted. When the application calls heif_decode_image() with default settings (strict_decoding=false), the corrupt tile fails to decode silently, the function returns heif_error_Ok, and the uninitialized heap region becomes part of the decoded image output [1]. The calling application has no indication of failure and may re-encode the result (e.g., as PNG/JPEG for thumbnails, CDN, or social media) [1].
Impact
Successful exploitation leaks the contents of heap memory from the server process into the decoded image, potentially exposing sensitive cross-user data such as authentication tokens, session identifiers, database query results, or other users' image data [1]. In server-side image processing pipelines, this information can be transmitted to the attacker or embedded in downstream assets. In CIA-triad terms the outcome is primarily information disclosure; no code execution or privilege escalation is achieved, but the leaked heap memory can reveal secrets that facilitate further attacks [1].
Mitigation
This issue has been fixed in libheif version 1.22.0 [1][2]. Users should upgrade to 1.22.0 or later. There is no known workaround for unpatched versions other than enabling strict_decoding=true, which causes the entire decode to fail on corrupt tiles and may break legitimate files; the default remains false for backward compatibility [1]. No KEV (Known Exploited Vulnerabilities) listing was provided for this CVE.
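As an added illustration (not libheif's code, and not the 1.22.0 fix itself), the following hypothetical model of a grid decode shows the two defensive choices the description and mitigation above point at: value-initialising the canvas plane so a tile region that is never written cannot carry stale heap data, and a strict mode that refuses to return Ok when a tile fails. The names Tile, Canvas, DecodeError, decode_grid and nonzero_in_tile are invented for this example.

```cpp
#include <algorithm>
#include <cstdint>
#include <memory>
#include <new>
#include <vector>

// Hypothetical model of a grid decode (not libheif's code): a luma canvas is
// assembled from fixed-size tiles, any of which may fail to decode.
struct Tile { bool ok; std::vector<uint8_t> pix; };  // ok == false models a corrupted tile; pix holds tile_w * tile_h samples
struct Canvas { int w = 0, h = 0; std::unique_ptr<uint8_t[]> y; };  // Y plane only; Cb/Cr would follow the same path
enum class DecodeError { Ok, TileFailed, NoMemory };

// Assemble a cols x rows grid of tile_w x tile_h tiles into out. With strict set,
// a corrupted tile fails the whole decode instead of returning Ok. The trailing
// "()" value-initialises the plane, so a region that is never written reads as
// zeros rather than whatever the heap held before.
DecodeError decode_grid(const std::vector<Tile>& tiles, int cols, int rows,
                        int tile_w, int tile_h, bool strict, Canvas& out) {
    if (tiles.size() < static_cast<size_t>(cols) * rows) return DecodeError::TileFailed;
    out.w = cols * tile_w;
    out.h = rows * tile_h;
    uint8_t* buf = new (std::nothrow) uint8_t[static_cast<size_t>(out.w) * out.h]();
    if (!buf) return DecodeError::NoMemory;
    out.y.reset(buf);
    for (int r = 0; r < rows; ++r) {
        for (int c = 0; c < cols; ++c) {
            const Tile& t = tiles[static_cast<size_t>(r) * cols + c];
            if (!t.ok || t.pix.size() < static_cast<size_t>(tile_w) * tile_h) {
                if (strict) return DecodeError::TileFailed;
                continue;  // lenient: the region stays zero, never stale heap data
            }
            for (int ty = 0; ty < tile_h; ++ty) {
                const uint8_t* src = &t.pix[static_cast<size_t>(ty) * tile_w];
                uint8_t* dst = out.y.get() +
                               static_cast<size_t>(r * tile_h + ty) * out.w + c * tile_w;
                std::copy(src, src + tile_w, dst);
            }
        }
    }
    return DecodeError::Ok;
}

// Non-zero samples in the tile at (col,row); a failed tile's region must give 0.
int nonzero_in_tile(const Canvas& cv, int col, int row, int tile_w, int tile_h) {
    int n = 0;
    for (int ty = 0; ty < tile_h; ++ty)
        for (int tx = 0; tx < tile_w; ++tx)
            if (cv.y[static_cast<size_t>(row * tile_h + ty) * cv.w + col * tile_w + tx]) ++n;
    return n;
}
```

A real decoder would additionally report which tiles were dropped in lenient mode, since a silent Ok is exactly what leaves the caller unable to tell a clean image from a partially decoded one.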
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- libheif (no CPE), affected range: <=1.21.2
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
News mentions
No linked articles in our index yet.