CVE-2026-41069

CVE-2026-41069

Name

CVE-2026-41069

Description

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 (creating no chunks) while still passing validation because saio.entry_count == 0 matches, but with saiz.sample_count > 0 the SampleAuxInfoReader constructor still enters its loop. This leads to an out-of-bounds dereference on the empty chunks[0] in chunked mode.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
security-advisories@github.com	https://github.com/strukturag/libheif/releases/tag/v1.22.0
security-advisories@github.com	https://github.com/strukturag/libheif/security/advisories/GHSA-p82x-fpmv-576r

Type

URI

security-advisories@github.com

https://github.com/strukturag/libheif/releases/tag/v1.22.0

security-advisories@github.com

https://github.com/strukturag/libheif/security/advisories/GHSA-p82x-fpmv-576r

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:struktur:libheif::::::::`	libheif	>= None	< 1.22.0

CPE URI

Source package

Min version

Max version

cpe:2.3:a:struktur:libheif:*:*:*:*:*:*:*:*

libheif

>= None

< 1.22.0

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
libheif	edge-main	1.21.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-main	1.20.2-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-main	1.20.2-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-main	1.17.6-r0	None	possibly vulnerable
libheif	edge-main	1.5.0-r0	None	possibly vulnerable
libheif	edge-community	1.21.2-r3	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.21.2-r2	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.21.2-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.21.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.20.2-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.20.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.20.1-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.19.8-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.19.7-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.19.5-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.17.6-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	edge-community	1.5.0-r0	None	possibly vulnerable
libheif	3.23-main	1.21.2-r0	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable
libheif	3.23-main	1.20.2-r1	Jakub Jirutka <jakub@jirutka.cz>	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages