CVE-2026-3949

EUVD-2026-11300

11.03.2026, 19:16

A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	3.3 LOW	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 5%

Ubuntu Releases

Ubuntu Product

Codename

libheif

bionic	not-affected
focal	not-affected
jammy	not-affected
noble	not-affected
questing	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

libheif-aom

suse enterprise desktop 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise sap 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise server 15 SP7	1.19.5-150700.3.8.1 fixed

libheif-dav1d

suse enterprise desktop 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise sap 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise server 15 SP7	1.19.5-150700.3.8.1 fixed

libheif-jpeg

suse enterprise desktop 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise sap 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise server 15 SP7	1.19.5-150700.3.8.1 fixed

libheif-rav1e

suse enterprise desktop 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise sap 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise server 15 SP7	1.19.5-150700.3.8.1 fixed

libheif1

suse enterprise desktop 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise sap 15 SP7	1.19.5-150700.3.8.1 fixed
suse enterprise server 15 SP7	1.19.5-150700.3.8.1 fixed