USN-7952-1 Unknown

USN-7952-1: libheif vulnerabilities

Canonical (Ubuntu) Released: January 12, 2026 Updated: January 14, 2026 Restart Required

Description

It was discovered that libheif did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-25269) Aldo Ristori discovered that libheif did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-68431)

Fixed Vulnerabilities 2

CVE-2024-25269 N/A 0.0 ⚠️ KEV fixed

Mar 05, 2024

libheif

CVE-2025-68431 N/A 0.0 ⚠️ KEV fixed

Dec 29, 2025

libheif is an HEIF and AVIF file format decoder and encoder. Prior to version 1.21.0, a crafted HEIF that exercises the overlay image item path…

Quick Info

Patch ID: USN-7952-1

Vendor: Canonical (Ubuntu)

Severity: Unknown

CVEs Fixed: 2

Restart: Required

Vendor

Canonical (Ubuntu)

Additional Info

action:

usn id: USN-7952-1

summary: Several security issues were fixed in libheif.

usn number: 7952-1

instructions: In general, a standard system update will make all the necessary changes.

CVE Vulnerabilities

Posts & Pages