Package "libheif-plugin-libde265"
| Name: |
libheif-plugin-libde265
|
Description: |
HEIF and AVIF file format decoder and encoder - libde265 plugin
|
| Latest version: |
1.21.2-3ubuntu0.1 |
| Release: |
resolute (26.04) |
| Level: |
security |
| Repository: |
universe |
| Head package: |
libheif |
| Homepage: |
http://www.libheif.org |
Links
Download "libheif-plugin-libde265"
Other versions of "libheif-plugin-libde265" in Resolute
Changelog
|
libheif (1.21.2-3ubuntu0.1) resolute-security; urgency=medium
* SECURITY UPDATE: Denial of service in Chuck construtor
- debian/patches/CVE-2026-32738.patch: Check that 'stsc' box does not
have zero samples per chunk in libheif/sequences/seq_boxes.cc
- CVE-2026-32738
* SECURITY UPDATE: Infinite loop for sequences with variable frame-rate.
- debian/patches/CVE-2026-32739.patch: Fix infinite loop for sequences
with variable frame-rate in libheif/api/libheif/heif_uncompressed.h
and libheif/sequences/seq_boxes.cc
- CVE-2026-32739
* SECURITY UPDATE: Heap overflow in grid tile compositing.
- debian/patches/CVE-2026-32740.patch: Fix computation of tile memory
area for 4:2:0 chroma and odd tile sizes in libheif/pixelimage.cc
- CVE-2026-32740
* SECURITY UPDATE: Buffer overflow when reading mask image.
- debian/patches/CVE-2026-32741.patch: Fix possible buffer overflow when
reading mask image in libheif/image-items/mask_image.cc
- CVE-2026-32741
* SECURITY UPDATE: Information leak in decode.
- debian/patches/CVE-2026-32814.patch: Initialize allocated memory to
avoid information leak in
libheif/image-items/grid.cc and libheif/pixelimage.cc
- CVE-2026-32814
* SECURITY UPDATE: Heap overflow in HeifPixelImage.
- debian/patches/CVE-2026-32882.patch: Fix overlay image with alpha
channels with stride different from color channel in
libheif/pixelimage.cc
- CVE-2026-32882
* SECURITY UPDATE: Out-of-bounds read in Track::load.
- debian/patches/CVE-2026-3950.patch: Validate stsc sample coverage
against stsz/stts in libheif/sequences/track.cc
- CVE-2026-3950
* SECURITY UPDATE: Out-of-bounds read in decoder.
- debian/patches/CVE-2026-41069.patch: Reject malformed sequence
files with saiz samples but no chunks in libheif/sequences/track.cc
- CVE-2026-41069
* SECURITY UPDATE: Out-of-bounds read in SampleAuxInfoReader
- debian/patches/CVE-2026-41071.patch: Reject malformed sequence
files where saiz sample count exceeds actual samples in
libheif/sequences/track.cc
- CVE-2026-41071
-- Kyle Kernick <email address hidden> Tue, 16 Jun 2026 15:03:55 -0600
|
| CVE-2026-32738 |
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samples_per_chun |
| CVE-2026-32739 |
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite lo |
| CVE-2026-32740 |
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the gri |
| CVE-2026-32741 |
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and below contain a heap buffer overflow in MaskImageCodec::decode_mask_i |
| CVE-2026-32814 |
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strict_decoding=false |
| CVE-2026-32882 |
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap buffer over-read in HeifPixelImage::overlay() in |
| CVE-2026-3950 |
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of th |
| CVE-2026-41069 |
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds |
| CVE-2026-41071 |
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares mo |
|
About
-
Send Feedback to @ubuntu_updates
