CVE-2026-32738

Name
CVE-2026-32738
Description
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor (m_last_sample = 0 + 0 - 1 = UINT32_MAX), mapping all samples to an empty chunk and resulting in a denial of service. When any sample is accessed, the library reads from index 0 of an empty std::vector, causing a guaranteed SEGV (null-page read). The file parses successfully without producing an error; the crash occurs on the first frame access. This issue has been fixed in version 1.22.0.
NVD Severity
unknown

References

| Type | URI |
|---|---|
| security-advisories@github.com | https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:struktur:libheif:*:*:*:*:*:*:*:* | libheif | >= None | < 1.22.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| libheif | edge-main | 1.21.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-main | 1.20.2-r2 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-main | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-main | 1.17.6-r0 | None | possibly vulnerable |
| libheif | edge-main | 1.5.0-r0 | None | possibly vulnerable |
| libheif | edge-community | 1.21.2-r3 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.21.2-r2 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.21.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.21.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.20.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.20.1-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.8-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.7-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.19.5-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.17.6-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | edge-community | 1.5.0-r0 | None | possibly vulnerable |
| libheif | 3.23-main | 1.23.0-r0 | Jakub Jirutka <jakub@jirutka.cz> | fixed |
| libheif | 3.23-main | 1.21.2-r0 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |
| libheif | 3.23-main | 1.20.2-r1 | Jakub Jirutka <jakub@jirutka.cz> | possibly vulnerable |