JLSEC-2026-574

See a problem?
Please try reporting it to the source first.
Source
https://github.com/JuliaLang/SecurityAdvisories.jl/blob/main/advisories/published/2026/JLSEC-2026-574.md
Import Source
https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-574.json
JSON Data
https://api.osv.dev/v1/vulns/JLSEC-2026-574
Upstream
  • CVE-2026-41071
  • EUVD-2026-31501
Published
2026-06-05T15:18:28.412Z
Modified
2026-06-05T15:30:16.755097653Z
Severity
  • 5.1 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
[none]
Details

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file where the saiz box declares more samples than actually exist in the track's chunk table causes a heap-buffer-overflow (out-of-bounds read) in the SampleAuxInfoReader constructor. The SampleAuxInfoReader constructor iterates over saiz->getnumsamples() samples but doesn't validate that this count is consistent with the number of chunks in the chunks vector. When saiz declares more samples than the chunks cover, the loop increments currentchunk past chunks.size(), causing an out-of-bounds read on the chunks vector. The vulnerability is triggered during file parsing (heifcontextreadfrom_file) without any additional user interaction. Any application using libheif to open untrusted HEIF files is affected. This issue has been fixed in version 1.22.0.

Database specific 
{
    "license": "CC-BY-4.0",
    "sources": [
        {
            "published": "2026-05-22T22:16:55.470Z",
            "html_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-41071",
            "url": "https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2026-41071",
            "modified": "2026-05-27T15:25:32.657Z",
            "database_specific": {
                "status": "Analyzed"
            },
            "id": "CVE-2026-41071",
            "imported": "2026-06-05T14:52:24.579Z"
        },
        {
            "published": "2026-05-22T20:59:09Z",
            "html_url": "https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31501",
            "url": "https://euvdservices.enisa.europa.eu/api/enisaid?id=EUVD-2026-31501",
            "modified": "2026-05-27T13:25:06Z",
            "imported": "2026-06-05T14:52:25.842Z",
            "id": "EUVD-2026-31501"
        }
    ]
}
References

Affected packages

Julia / libheif_jll

Package

Name
libheif_jll
Purl
pkg:julia/libheif_jll?uuid=a13778fd-9a17-58b4-b5a0-4b4a242815a9

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.22.2000+0

Database specific

source 
"https://github.com/JuliaLang/SecurityAdvisories.jl/tree/generated/osv/2026/JLSEC-2026-574.json"