PT-2026-42005 · Libheif · Libheif

Published: 2026-05-19 · Updated: 2026-05-28 · CVE-2026-32741

CVSS v3.1: 7.1 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H

Name of the Vulnerable Software and Affected Versions

libheif versions prior to 1.22.0

Description

A heap buffer overflow exists in the MaskImageCodec::decode_mask_image() function. This occurs when decoding a HEIF file containing a mask image (mski) because the function copies the full iloc extent data into a pixel buffer using memcpy() without an upper-bound check on the data length. An attacker can craft a file where the iloc extent exceeds the pixel buffer allocation, leading to a heap overflow. This condition is met when the mskC property specifies bits_per_pixel = 8 and the ispe property declares an even width ≥ 64, ensuring the stride equals the width.

Recommendations

Update to version 1.22.0.
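
A bounds-checked form of the copy described above, as an added example (not libheif's code and not the upstream fix). `MaskPlane`, `alloc_plane` and `copy_mask_8bit` are hypothetical names, and rejecting any extent whose length differs from width × height is an assumed policy.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Hypothetical stand-in for a decoded 8-bit plane; not a libheif type.
struct MaskPlane {
  uint32_t width = 0, height = 0;  // as declared by ispe
  size_t stride = 0;               // bytes per row, >= width
  std::vector<uint8_t> pixels;     // stride * height bytes
};

enum class CopyResult { Ok, BadGeometry, LengthMismatch };

// Constructed helper: allocate a zeroed plane for the declared size.
bool alloc_plane(MaskPlane& p, uint32_t width, uint32_t height, size_t stride) {
  if (width == 0 || height == 0 || stride < width) return false;
  if (height > SIZE_MAX / stride) return false;  // stride * height would wrap
  p.width = width;
  p.height = height;
  p.stride = stride;
  p.pixels.assign(stride * height, 0);
  return true;
}

// Copy 8-bit mask data into the plane. The extent length is attacker-controlled
// file data, so it is validated against the geometry before any byte is written.
CopyResult copy_mask_8bit(MaskPlane& p, const std::vector<uint8_t>& extent) {
  if (p.width == 0 || p.stride < p.width || p.pixels.size() / p.stride < p.height)
    return CopyResult::BadGeometry;
  // Cannot wrap: width * height <= stride * height <= pixels.size().
  const size_t expected = static_cast<size_t>(p.width) * p.height;
  if (extent.size() != expected)  // assumed policy: reject short or long extents
    return CopyResult::LengthMismatch;
  // Row-by-row copy stays correct when stride > width (padded rows).
  for (size_t y = 0; y < p.height; ++y)
    std::memcpy(p.pixels.data() + y * p.stride, extent.data() + y * p.width, p.width);
  return CopyResult::Ok;
}

int main() {
  MaskPlane plane;
  if (!alloc_plane(plane, 64, 2, 64)) return 1;
  std::vector<uint8_t> oversized(64 * 2 + 1, 0xFF);  // constructed: one byte too long
  return copy_mask_8bit(plane, oversized) == CopyResult::LengthMismatch ? 0 : 1;
}
```
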

Exploit

Fix

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2026-32741
ECHO-0DFF-8373-3408
OPENSUSE-SU-2026:10878-1

Affected Products

Libheif