libheif (SUSE:Linux Enterprise Module for Package Hub 15 SP7) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Module for Package Hub 15 SP7 package libheif, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (12)
CVE-2026-32740 — CVSS 8.8 (high): libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability…
CVE-2026-41071 — CVSS 8.1 (high): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box…
CVE-2026-32741 — CVSS 7.1 (high): libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in…
CVE-2026-32882 — CVSS 7.1 (high): libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in…
CVE-2026-49271 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef…
CVE-2026-32738 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with…
CVE-2026-32739 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an…
CVE-2026-32814 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with…
CVE-2026-41069 — CVSS 6.5 (medium): libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an…
CVE-2025-68431 — CVSS 6.5 (medium): libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item…
CVE-2026-3950 — CVSS 3.3 (low): A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track…
CVE-2026-3949 — CVSS 3.3 (low): A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file…