Packages
- libheif - An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder
Details
Elhanan Haenel discovered that libheif incorrectly handled certain
malformed HEIF sequence files. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 25.10
and Ubuntu 26.04 LTS. (CVE-2026-32738)
Elhanan Haenel discovered that libheif incorrectly handled certain
malformed HEIF sequence files, leading to an infinite loop. An attacker
could possibly use this issue to cause libheif to use excessive
resources, resulting in a denial of service. This issue only affected
Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-32739)
Elhanan Haenel discovered that libheif incorrectly handled certain
crafted HEIF/AVIF image files. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (
Elhanan Haenel discovered that libheif incorrectly handled certain
malformed HEIF sequence files. An attacker could possibly use this
issue to cause a denial of service. This issue only affected Ubuntu 25.10
and Ubuntu 26.04 LTS. (CVE-2026-32738)
Elhanan Haenel discovered that libheif incorrectly handled certain
malformed HEIF sequence files, leading to an infinite loop. An attacker
could possibly use this issue to cause libheif to use excessive
resources, resulting in a denial of service. This issue only affected
Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-32739)
Elhanan Haenel discovered that libheif incorrectly handled certain
crafted HEIF/AVIF image files. An attacker could possibly use this issue
to cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 25.10 and Ubuntu 26.04 LTS. (CVE-2026-32740)
It was discovered that libheif incorrectly handled certain crafted HEIF
files containing mask images. An attacker could possibly use this issue to
cause a denial of service or execute arbitrary code. This issue only
affected Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS.
(CVE-2026-32741)
It was discovered that libheif incorrectly handled certain crafted
grid-based HEIF/AVIF files. An attacker could possibly use this issue to
obtain sensitive information. This issue only affected Ubuntu 20.04 LTS,
Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, Ubuntu 25.10, and Ubuntu 26.04 LTS.
(CVE-2026-32814)
It was discovered that libheif incorrectly handled certain crafted HEIF
files when compositing overlay images. An attacker could possibly use this
issue to cause a denial of service or obtain sensitive information.
(CVE-2026-32882)
It was discovered that libheif incorrectly handled certain crafted
files. An attacker could possibly use this issue to cause a denial of
service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.
(CVE-2026-3950)
It was discovered that libheif incorrectly handled certain malformed
HEIF sequence files. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04
LTS. (CVE-2026-41069)
It was discovered that libheif incorrectly handled certain crafted HEIF
sequence files. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 25.10 and Ubuntu 26.04 LTS.
(CVE-2026-41071)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.