[Git][security-tracker-team/security-tracker][master] new libheif issues

Moritz Muehlenhoff (@jmm) jmm at debian.org
Wed May 20 17:33:42 BST 2026 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
132693b6 by Moritz Muehlenhoff at 2026-05-20T18:33:29+02:00
new libheif issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -384,9 +384,13 @@ CVE-2026-32741 (libheif is a HEIF and AVIF file format decoder and encoder. Vers
 CVE-2026-32740 (libheif is a HEIF and AVIF file format decoder and encoder. Versions 1 ...)
 	TODO: check
 CVE-2026-32739 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
-	TODO: check
+	- libheif <unfixed>
+	NOTE: https://github.com/strukturag/libheif/security/advisories/GHSA-j9g7-q9hv-gq8c
+	NOTE: https://github.com/strukturag/libheif/commit/723b58d6ca329b2743822951aeaf3299c7410448 (v1.22.0)
 CVE-2026-32738 (libheif is a HEIF and AVIF file format decoder and encoder. In version ...)
-	TODO: check
+	- libheif <unfixed>
+	NOTE: https://github.com/strukturag/libheif/security/advisories/GHSA-7f2h-cmpf-v9ww
+	NOTE: https://github.com/strukturag/libheif/commit/bdaa37728442800497ea224bd232ca25e2f9bdff (v1.22.0)
 CVE-2026-32134 (NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform.  ...)
 	TODO: check
 CVE-2026-31986 (Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz.  Th ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/132693b6aada16c0a13c7dfa0b74cd6bdc1814a5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/132693b6aada16c0a13c7dfa0b74cd6bdc1814a5
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260520/1476d8c2/attachment.htm>

More information about the debian-security-tracker-commits mailing list