rpm package
opensuse/libheif&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/libheif&distro=openSUSE%20Tumbleweed
Vulnerabilities (15)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-49271 | — | < 1.23.0-2.1 | 1.23.0-2.1 | Jun 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then c | ||
| CVE-2026-41071 | Hig | 8.1 | < 1.22.2-1.1 | 1.22.2-1.1 | May 22, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoRe | |
| CVE-2026-41069 | Med | 6.5 | < 1.22.2-1.1 | 1.22.2-1.1 | May 22, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still | |
| CVE-2026-32882 | Hig | 7.1 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel | |
| CVE-2026-32814 | Med | 6.5 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leadi | |
| CVE-2026-32741 | Hig | 7.1 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer | |
| CVE-2026-32740 | Hig | 8.8 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap al | |
| CVE-2026-32739 | Med | 6.5 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteratio | |
| CVE-2026-32738 | Med | 6.5 | < 1.22.2-1.1 | 1.22.2-1.1 | May 19, 2026 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping | |
| CVE-2026-3950 | Low | 3.3 | < 1.22.2-1.1 | 1.22.2-1.1 | Mar 11, 2026 | A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publi | |
| CVE-2026-3949 | Low | 3.3 | < 1.21.2-2.1 | 1.21.2-2.1 | Mar 11, 2026 | A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack n | |
| CVE-2025-68431 | — | < 1.21.1-1.1 | 1.21.1-1.1 | Dec 29, 2025 | libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped o | ||
| CVE-2024-41311 | — | < 1.19.5-2.1 | 1.19.5-2.1 | Oct 15, 2024 | In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. | ||
| CVE-2023-29659 | — | < 1.19.5-2.1 | 1.19.5-2.1 | May 5, 2023 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | ||
| CVE-2023-0996 | — | < 1.19.5-2.1 | 1.19.5-2.1 | Feb 24, 2023 | There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. |
- CVE-2026-49271Jun 19, 2026affected < 1.23.0-2.1fixed 1.23.0-2.1
libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unit_offset + unit_size. Because the addition can wrap, a crafted HEIF file can pass the range check and then c
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoRe
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in libheif/pixelimage.cc. When compositing an overlay image (iovl) whose child image has a different bit depth for the alpha channel
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false (the default), a corrupted tile silently fails to decode and the library returns heif_error_Ok with no indication of failure, leadi
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_image(). When decoding a HEIF file containing a mask image (mski), the function copies the full iloc extent data into a pixel buffer
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap al
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Box_stts::get_sample_duration(), consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteratio
- affected < 1.22.2-1.1fixed 1.22.2-1.1
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping
- affected < 1.22.2-1.1fixed 1.22.2-1.1
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publi
- affected < 1.21.2-2.1fixed 1.21.2-2.1
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack n
- CVE-2025-68431Dec 29, 2025affected < 1.21.1-1.1fixed 1.21.1-1.1
libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path triggers a heap buffer over-read in `HeifPixelImage::overlay()`. The function computes a negative row length (likely from an unclipped o
- CVE-2024-41311Oct 15, 2024affected < 1.19.5-2.1fixed 1.19.5-2.1
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
- CVE-2023-29659May 5, 2023affected < 1.19.5-2.1fixed 1.19.5-2.1
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
- CVE-2023-0996Feb 24, 2023affected < 1.19.5-2.1fixed 1.19.5-2.1
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.