libheif has a Heap OOB Read/SEGV Crash via Zero samplesperchunk. (CVE-2026-32738) libheif is Vulnerable to Infinite Loop DoS via stts Sample Duration Lookup. (CVE-2026-32739) Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing. (CVE-2026-32740) libheif has a heap buffer overflow in decodemaskimage(). (CVE-2026-32741) Uninitialized Heap Memory Information Leak via Failed Grid Tiles. (CVE-2026-32814) Heap Buffer OOB Read in overlay compositing due to wrong alpha stride. (CVE-2026-32882) strukturag libheif stsz/stts track.cc load out-of-bounds. (CVE-2026-3950) libheif allows Out-of-bounds vector access leading to invalid dereference (DoS). (CVE-2026-41069) Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz sample count. (CVE-2026-41071) A critical heap-based buffer overflow vulnerability exists in libheif v1.21.2 (and likely earlier versions) within the handling of uncompressed HEIF images (ISO/IEC 23001-17, unci item type). When processing a tiled image with chroma subsampling (e.g., 4:2:0 or 4:2:2), the library fails to scale spatial offsets for the chroma planes. This leads to out-of-bounds memory writes when decoding any tile other than the top-left one, potentially resulting in remote code execution. (CVE-2026-47178) Wrapped icef compressed-unit range check causes out-of-bounds read in uncompressed HEIF decoder. (CVE-2026-49271)