Main Vulnerability Database Vulnerabilities #VU131963

Out-of-bounds read in libheif - CVE-2026-47254

Published: May 20, 2026

Vulnerability identifier: #VU131963

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2026-47254

CWE-ID: CWE-125

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: struktur AG

Affected software:
libheif

Detailed vulnerability description

The vulnerability allows a remote attacker to cause a denial of service or disclose sensitive information.

The vulnerability exists due to out-of-bounds read in Track::get_next_sample_raw_data() when parsing a crafted HEIC sequence file and retrieving raw sequence samples. A remote attacker can supply a specially crafted file to cause a denial of service or disclose sensitive information.

The issue is triggered when the number of chunks defined in the stco box is less than the number of samples in stsz, causing an invalid chunk index to be stored in the presentation timeline.

How to mitigate CVE-2026-47254

Install security update from vendor's website.

Sources

https://github.com/strukturag/libheif/security/advisories/GHSA-wqjg-4x9g-6cvg

Out-of-bounds read in libheif - CVE-2026-47254

Detailed vulnerability description

How to mitigate CVE-2026-47254

Sources

Please verify you're human