Low severity (3.3) · NVD Advisory · Published Mar 11, 2026 · Updated Apr 29, 2026
CVE-2026-3950
Description
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is unofficial and not approved yet.
Affected products
- (no CPE)
- (no CPE) range: <=1.21.2
- osv-coords (4 versions), range: < 1.23.0-160000.1.1
  - pkg:rpm/opensuse/libheif&distro=openSUSE%20Leap%2016.0
  - pkg:rpm/opensuse/libheif&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libheif&distro=SUSE%20Linux%20Enterprise%20Server%2016.0
  - pkg:rpm/suse/libheif&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
- (no CPE) range: < 1.23.0-160000.1.1
- (no CPE) range: < 1.22.2-1.1
- (no CPE) range: < 1.23.0-160000.1.1
- (no CPE) range: < 1.23.0-160000.1.1