CVE-2026-3950Improper Restriction of Operations within the Bounds of a Memory Buffer in Libheif

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-125Out-of-bounds Read7 documents6 sources
Severity
4.8MEDIUMNVD
EPSS
0.0%
top 96.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Strukturag LibheifDebian Libheif
Timeline
PublishedMar 11

Description

A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5strukturag/libheif1.21.0, 1.21.1, 1.21.2+2

🔴Vulnerability Details

2
GHSA
GHSA-cp66-x46c-28rg: A vulnerability was identified in strukturag libheif up to 12026-03-11
OSV
CVE-2026-3950: A vulnerability was identified in strukturag libheif up to 12026-03-11

📋Vendor Advisories

2
Red Hat
libheif: libheif: Denial of Service via out-of-bounds read in Track::load function2026-03-11
Debian
CVE-2026-3950: libheif - A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts ...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-3950 Impact, Exploitability, and Mitigation Steps | Wiz
CVE-2026-3950 — Strukturag Libheif vulnerability | cvebase