USN-8526-1: libheif vulnerabilities

Publication date

9 July 2026

Overview

Several security issues were fixed in libheif.


Packages

  • libheif - An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder

Details

Xianrui Dong discovered that libheif had an out-of-bounds read in its
HEIF sequence track parser. An attacker could possibly use this issue
to cause a denial of service or obtain sensitive information. This issue
only affected Ubuntu 26.04 LTS. (CVE-2026-47254)

Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)

Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)

Ariel Koren discovered that libheif had an integer underflow in its
grid image tile coordinate transform. An attacker could possibly...

Xianrui Dong discovered that libheif had an out-of-bounds read in its
HEIF sequence track parser. An attacker could possibly use this issue
to cause a denial of service or obtain sensitive information. This issue
only affected Ubuntu 26.04 LTS. (CVE-2026-47254)

Junyi Liu discovered that libheif had a null pointer dereference in its
image tiling interface. An attacker could possibly use this issue to
cause a denial of service. (CVE-2026-47709)

Calvin Young and Enoch Chow discovered that libheif had an integer
overflow in its inline mask size calculation. An attacker could
possibly use this issue to cause a denial of service or obtain sensitive
information. (CVE-2026-47714)

Ariel Koren discovered that libheif had an integer underflow in its
grid image tile coordinate transform. An attacker could possibly use
this issue to cause a denial of service or obtain sensitive information.
(CVE-2026-48029)

It was discovered that libheif had a missing bound check in its HEIF
sequence parser, allowing unbounded heap allocation. An attacker could
possibly use this issue to cause a denial of service. (CVE-2026-50142)


Update instructions

In general, a standard system update will make all the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
26.04 LTS resolute heif-gdk-pixbuf –  1.21.2-3ubuntu0.3
heif-thumbnailer –  1.21.2-3ubuntu0.3
heif-view –  1.21.2-3ubuntu0.3
libheif-dev –  1.21.2-3ubuntu0.3
libheif-examples –  1.21.2-3ubuntu0.3
libheif-plugin-aomdec –  1.21.2-3ubuntu0.3
libheif-plugin-aomenc –  1.21.2-3ubuntu0.3
libheif-plugin-dav1d –  1.21.2-3ubuntu0.3
libheif-plugin-ffmpegdec –  1.21.2-3ubuntu0.3
libheif-plugin-j2kdec –  1.21.2-3ubuntu0.3
libheif-plugin-j2kenc –  1.21.2-3ubuntu0.3
libheif-plugin-jpegdec –  1.21.2-3ubuntu0.3
libheif-plugin-jpegenc –  1.21.2-3ubuntu0.3
libheif-plugin-kvazaar –  1.21.2-3ubuntu0.3
libheif-plugin-libde265 –  1.21.2-3ubuntu0.3
libheif-plugin-rav1e –  1.21.2-3ubuntu0.3
libheif-plugin-svtenc –  1.21.2-3ubuntu0.3
libheif-plugin-x265 –  1.21.2-3ubuntu0.3
libheif-plugins-all –  1.21.2-3ubuntu0.3
libheif1 –  1.21.2-3ubuntu0.3
25.10 questing heif-gdk-pixbuf –  1.20.2-1ubuntu0.6
heif-thumbnailer –  1.20.2-1ubuntu0.6
heif-view –  1.20.2-1ubuntu0.6
libheif-dev –  1.20.2-1ubuntu0.6
libheif-examples –  1.20.2-1ubuntu0.6
libheif-plugin-aomdec –  1.20.2-1ubuntu0.6
libheif-plugin-aomenc –  1.20.2-1ubuntu0.6
libheif-plugin-dav1d –  1.20.2-1ubuntu0.6
libheif-plugin-ffmpegdec –  1.20.2-1ubuntu0.6
libheif-plugin-j2kdec –  1.20.2-1ubuntu0.6
libheif-plugin-j2kenc –  1.20.2-1ubuntu0.6
libheif-plugin-jpegdec –  1.20.2-1ubuntu0.6
libheif-plugin-jpegenc –  1.20.2-1ubuntu0.6
libheif-plugin-kvazaar –  1.20.2-1ubuntu0.6
libheif-plugin-libde265 –  1.20.2-1ubuntu0.6
libheif-plugin-rav1e –  1.20.2-1ubuntu0.6
libheif-plugin-svtenc –  1.20.2-1ubuntu0.6
libheif-plugin-x265 –  1.20.2-1ubuntu0.6
libheif-plugins-all –  1.20.2-1ubuntu0.6
libheif1 –  1.20.2-1ubuntu0.6

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.


Have additional questions?

Talk to a member of the team ›