Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-19T19:10:03 libheif: libheif: Denial of Service via crafted HEIF sequence file 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CWE-835

A flaw was found in libheif, a HEIF and AVIF file format decoder and encoder. A remote attacker could exploit this vulnerability by providing a specially crafted HEIF (High Efficiency Image File Format) sequence file. This would trigger an infinite loop during file parsing, consuming 100% CPU indefinitely and leading to a Denial of Service (DoS) condition.

Red Hat Enterprise Linux 10 Not affected glycin-loaders https://www.cve.org/CVERecord?id=CVE-2026-32739 https://nvd.nist.gov/vuln/detail/CVE-2026-32739 https://github.com/strukturag/libheif/releases/tag/v1.22.0 https://github.com/strukturag/libheif/security/advisories/GHSA-j9g7-q9hv-gq8c