PT-2026-41995 · Libheif · Libheif

Elhananhaenel · Published 2026-05-19 · Updated 2026-05-28 · CVE-2026-32738

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: libheif versions prior to 1.22.0

Description: An unsigned integer underflow occurs in the Chunk constructor when libheif processes a crafted HEIF sequence file whose stsc box contains samples_per_chunk=0. As a result, all samples map to an empty chunk. When the library then attempts to access the first frame, it reads index 0 of an empty std::vector, which triggers a segmentation fault (SEGV, a null-page read) and results in a denial of service.

Recommendations: Update to version 1.22.0.
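
A defensive check for the condition described above, as an added example (not libheif's code and not the 1.22.0 fix): it parses an ISO BMFF stsc payload and rejects a table with samples_per_chunk equal to 0 before any sample-to-chunk mapping is built. The names parse_stsc, StscEntry and sample_stsc are hypothetical, and the sample bytes are constructed.

```cpp
// Added example, not libheif code: validate an ISO BMFF 'stsc' payload before
// any sample-to-chunk mapping is built from it.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct StscEntry { uint32_t first_chunk, samples_per_chunk, sample_description_index; };

static uint32_t be32(const uint8_t* p) {
  return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Payload layout after the box header: version/flags (4 bytes), entry_count
// (4 bytes), then entry_count entries of three big-endian uint32 fields.
// Returns false and leaves `out` untouched when the table is malformed.
bool parse_stsc(const std::vector<uint8_t>& buf, std::vector<StscEntry>& out) {
  if (buf.size() < 8) return false;
  const uint32_t count = be32(&buf[4]);
  // Divide rather than multiply so a huge entry_count cannot wrap the bound.
  if (count > (buf.size() - 8) / 12) return false;
  std::vector<StscEntry> entries;
  uint32_t prev_first = 0;
  for (uint32_t i = 0; i < count; ++i) {
    const uint8_t* p = &buf[8 + std::size_t(i) * 12];
    const StscEntry e{be32(p), be32(p + 4), be32(p + 8)};
    if (e.first_chunk <= prev_first) return false;  // 1-based, strictly increasing
    if (e.samples_per_chunk == 0) return false;      // the case in this advisory
    prev_first = e.first_chunk;
    entries.push_back(e);
  }
  out.swap(entries);
  return true;
}

// Constructed sample: one entry {first_chunk=1, samples_per_chunk=spc, index=1}.
std::vector<uint8_t> sample_stsc(uint32_t spc) {
  std::vector<uint8_t> b = {0,0,0,0, 0,0,0,1, 0,0,0,1, 0,0,0,0, 0,0,0,1};
  for (int i = 0; i < 4; ++i) b[12 + i] = uint8_t(spc >> (24 - 8 * i));
  return b;
}

int main() {
  std::vector<StscEntry> table;
  std::printf("samples_per_chunk=4 accepted: %d\n", parse_stsc(sample_stsc(4), table));
  std::printf("samples_per_chunk=0 accepted: %d\n", parse_stsc(sample_stsc(0), table));
  return 0;
}
```

A caller that receives an empty table (entry_count of 0) still has to check for emptiness before indexing the first element.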

Exploit · Fix · DoS · Out of bounds Read · NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2026-32738
ECHO-2807-9F4F-AD1F
OPENSUSE-SU-2026:10878-1

Affected Products

Libheif