UbuntuUpdates.org

Package "libheif-plugin-libde265"

Name: libheif-plugin-libde265

Description:

ISO/IEC 23008-12:2017 HEIF file format decoder - libde265 plugin
Latest version: 1.17.6-1ubuntu4.4
Release: noble (24.04)
Level: updates
Repository: main
Head package: libheif
Homepage: http://www.libheif.org

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libheif-plugin-libde265"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libheif-plugin-libde265" in Noble

Repository Area Version
base main 1.17.6-1ubuntu4
security main 1.17.6-1ubuntu4.4

Changelog

Version: 1.17.6-1ubuntu4.4 2026-06-18 20:07:35 UTC

  libheif (1.17.6-1ubuntu4.4) noble-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow when reading mask image.
    - debian/patches/CVE-2026-32741.patch: Fix possible buffer overflow when
      reading mask image in libheif/image-items/mask_image.cc
    - CVE-2026-32741
  * SECURITY UPDATE: Information leak in decode.
    - debian/patches/CVE-2026-32814.patch: Initialize allocated memory to
      avoid information leak in libheif/pixelimage.cc
    - CVE-2026-32814
  * SECURITY UPDATE: Heap overflow in HeifPixelImage.
    - debian/patches/CVE-2026-32882.patch: Fix overlay image with alpha
      channels with stride different from color channel in
      libheif/pixelimage.cc
    - CVE-2026-32882

 -- Kyle Kernick <email address hidden> Tue, 16 Jun 2026 17:16:55 -0600
Source diff to previous version
CVE-2026-32741 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_i
CVE-2026-32814 libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false
CVE-2026-32882 libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in

Version: 1.17.6-1ubuntu4.3 2026-05-06 18:07:53 UTC

  libheif (1.17.6-1ubuntu4.3) noble; urgency=medium

  * d/control: Demote libheif-plugin-libde265 to Suggests. (lp: #2142762)

 -- Charles <email address hidden> Thu, 26 Feb 2026 12:28:49 +0000
Source diff to previous version
2142762 [SRU] Demote libde265 to Suggests

Version: 1.17.6-1ubuntu4.2 2026-01-12 03:29:24 UTC

  libheif (1.17.6-1ubuntu4.2) noble-security; urgency=medium

  * SECURITY UPDATE: Denial of Service
    - debian/patches/CVE-2024-25269.patch: Fix memory leaks in function
      JpegEncoder::Encode
    - CVE-2024-25269
  * SECURITY UPDATE: Buffer Overflow
    - debian/patches/CVE-2025-68431.patch: Fix wrong copy width in
      overlay images, thanks to Aldo Ristori
    - CVE-2025-68431

 -- Bruce Cable <email address hidden> Wed, 07 Jan 2026 17:41:16 +1100
Source diff to previous version
CVE-2024-25269 libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.
CVE-2025-68431 libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path trigg

Version: 1.17.6-1ubuntu4.1 2024-10-23 12:08:15 UTC

  libheif (1.17.6-1ubuntu4.1) noble-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds data read/write in ImageOverlay::parse()
    - debian/patches/CVE-2024-41311.patch: added patch to check that
      overlay's offsets are valid
    - CVE-2024-41311

 -- Shishir Subedi <email address hidden> Mon, 21 Oct 2024 16:33:55 +0545
CVE-2024-41311 In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an o


About   -   Send Feedback to @ubuntu_updates