CVEFinder.io

CVE-2026-32740

⚠️ high

Description

libheif is a HEIF and AVIF file format decoder and encoder. Versions 1.21.2 and prior contain a heap-buffer-overflow (write) vulnerability in the grid tile compositing, allowing an attacker to write 64 bytes of fully attacker-controlled data past the end of a chroma plane heap allocation by crafting a HEIF/AVIF file with a 1×4 grid of odd-height tiles. The overflow is triggered during normal image decoding with default build configuration. The written bytes are chroma (Cb/Cr) pixel values from the attacking tile, giving the attacker full control over the overflow content. This issue has been fixed in version 1.22.0.

CVSS Score: 8.8 (High)
EPSS Score: 0.0 (Exploit Probability)
Published Date: 2026-05-19
First Seen: 2026-05-20
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 326,604 vulnerabilities in our database.

#61,754
Top 25% most severe
Severity Percentile
🎯 CISA SSVC Assessment (Updated: May 21, 2026)
Exploitation Status: None (No known exploits)
Automatable: NO (Requires human interaction)
Technical Impact: Total (Complete system compromise possible)
SSVC data provided by CISA

Last Modified: 2026-05-21
Source: NVD
CVSS Vector (3.1): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

🔗 Related CVEs 6

CVE ID | Severity | CVSS | EPSS | Summary | Published
CVE-2026-41069 | 🔶 medium | 6.5 | 0.0 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file... | 2026-05-22
CVE-2026-41071 | ⚠️ high | 8.1 | 0.0 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a crafted HEIF sequence file w... | 2026-05-22
CVE-2026-32738 | 🔶 medium | 6.5 | 0.1 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequen... | 2026-05-19
CVE-2026-32739 | 🔶 medium | 6.5 | 0.1 | libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequen... | 2026-05-19
CVE-2025-68431 | 🔶 medium | 6.5 | 0.1 | libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the ... | 2025-12-29
CVE-2025-43966 | ℹ️ low | 2.9 | 0.1 | libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. | 2025-04-21
These CVEs affect the same products