Vulnerability Description
libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting a HEIF/AVIF file with a 1×4 grid of odd-height tiles. The overflow is triggered during normal image decoding with default build configuration. The written bytes are chroma (Cb/Cr) pixel values from the attacking tile, giving the attacker full control over the overflow content. This issue has been fixed in version 1.22.0.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Struktur | Libheif | < 1.22.0 |
Related Weaknesses (CWE)
References
- https://github.com/strukturag/libheif/releases/tag/v1.22.0Release Notes
- https://github.com/strukturag/libheif/security/advisories/GHSA-frfr-f3vg-2g6jExploitVendor Advisory
FAQ
What is CVE-2026-32740?
CVE-2026-32740 is a vulnerability with a CVSS score of 8.8 (HIGH). libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 6...
How severe is CVE-2026-32740?
CVE-2026-32740 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-32740?
Check the references section above for vendor advisories and patch information. Affected products include: Struktur Libheif.