UBUNTU-CVE-2026-32814
- Source
- https://ubuntu.com/security/CVE-2026-32814
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-32814.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-32814
- Upstream
- Published
- 2026-05-19T21:16:00Z
- Modified
- 2026-05-20T22:02:57.521216246Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, when decoding a HEIF grid image with strictdecoding=false (the default), a corrupted tile silently fails to decode and the library returns heiferrorOk with no indication of failure, leading to an uninitialized heap memory information leak. The canvas is allocated via createcloneimageatnewsize() → plane.alloc() → new (std::nothrow) uint8t[allocationsize] which does not zero the memory; only the alpha plane is explicitly initialized via fillplane(), so the Y, Cb, and Cr planes contain whatever was previously at that heap address. The failed tile's region of the canvas is never written. It retains uninitialized heap data that is delivered to the caller as decoded pixel values (4,096 bytes per Y/Cb/Cr plane = 12,288+ bytes total). Any application using libheif to decode grid-based HEIF/AVIF files with default settings is vulnerable: a crafted .heic or .avif file causes 4,096+ bytes of heap memory to appear as pixel values in the decoded image, and the calling application receives heiferror_Ok, so it has no indication the output contains heap garbage. In server-side image processing, an uploaded crafted HEIF decoded and re-encoded (e.g., as PNG/JPEG for thumbnails, CDN, social media) can leak cross-user data such as auth tokens, database results, and other users' image data. This issue has been fixed in version 1.22.0.
- References
Affected packages
Ubuntu:24.04:LTS
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.16.2-2ubuntu1
1.17.1-1ubuntu2
1.17.1-1ubuntu3
1.17.4-1ubuntu1
1.17.6-1ubuntu1
1.17.6-1ubuntu2
1.17.6-1ubuntu3
1.17.6-1ubuntu4
1.17.6-1ubuntu4.1
1.17.6-1ubuntu4.2
1.17.6-1ubuntu4.3
Ecosystem specific
{
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-aomdec",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-aomenc",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-dav1d",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-ffmpegdec",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-j2kdec",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-j2kenc",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-jpegdec",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-jpegenc",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-libde265",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-rav1e",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-svtenc",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif-plugin-x265",
"binary_version": "1.17.6-1ubuntu4.3"
},
{
"binary_name": "libheif1",
"binary_version": "1.17.6-1ubuntu4.3"
}
]
}Ubuntu:25.10
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "heif-view",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-aomdec",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-aomenc",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-dav1d",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-ffmpegdec",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-j2kdec",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-j2kenc",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-jpegdec",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-jpegenc",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-kvazaar",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-libde265",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-rav1e",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-svtenc",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugin-x265",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif-plugins-all",
"binary_version": "1.20.2-1ubuntu0.3"
},
{
"binary_name": "libheif1",
"binary_version": "1.20.2-1ubuntu0.3"
}
]
}Ubuntu:26.04:LTS
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.20.2-1
1.20.2-2
1.20.2-2build1
1.20.2-2build2
1.20.2-2ubuntu1
1.21.2-1
1.21.2-3
Ecosystem specific
{
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.21.2-3"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.21.2-3"
},
{
"binary_name": "heif-view",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-aomdec",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-aomenc",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-dav1d",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-ffmpegdec",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-j2kdec",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-j2kenc",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-jpegdec",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-jpegenc",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-kvazaar",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-libde265",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-rav1e",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-svtenc",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugin-x265",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif-plugins-all",
"binary_version": "1.21.2-3"
},
{
"binary_name": "libheif1",
"binary_version": "1.21.2-3"
}
]
}Ubuntu:Pro:18.04:LTS
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=esm-apps%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:20.04:LTS
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=esm-apps%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.5.0-1build1
1.5.1-1
1.5.1-1build1
1.6.0-1
1.6.1-1
1.6.1-1build1
1.6.1-1ubuntu0.1~esm1
1.6.1-1ubuntu0.1~esm2
Ecosystem specific
{
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.6.1-1ubuntu0.1~esm2"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.6.1-1ubuntu0.1~esm2"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.6.1-1ubuntu0.1~esm2"
},
{
"binary_name": "libheif1",
"binary_version": "1.6.1-1ubuntu0.1~esm2"
}
]
}Ubuntu:Pro:22.04:LTS
libheif
Package
- Name
- libheif
- Purl
- pkg:deb/ubuntu/libheif?arch=source&distro=esm-apps%2Fjammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ecosystem specific
{
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.12.0-2ubuntu0.1~esm2"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.12.0-2ubuntu0.1~esm2"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.12.0-2ubuntu0.1~esm2"
},
{
"binary_name": "libheif1",
"binary_version": "1.12.0-2ubuntu0.1~esm2"
}
]
}