These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2026-49346 is a buffer overflow vulnerability in libde265, an open-source H.265 video codec implementation. A crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth can cause a signed integer overflow, leading to a heap buffer overflow. This issue was patched in version 1.1.0. Defenders should assess their exposure and prioritize patching due to the high CVSS score of 7.1.
CVE-2026-49295 is a HIGH severity vulnerability in libde265, an open-source H.265 video codec implementation. A crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()`. This occurs due to a missing aggregate bound check on predicted short-term reference picture set entries. The vulnerability has a CVSS score of 7.1 and was published on June 19, [truncated]
A heap-buffer-overflow vulnerability in libheif versions 1.21.2 and prior allows out-of-bounds reads when parsing crafted HEIF sequence files. The root cause is a missing validation between the sample count declared in the `saiz` box and the actual number of chunks in the track's chunk table. The `SampleAuxInfoReader` constructor iterates over `saiz->get_num_samples()` without verifying this count against [truncated]
## Summary libheif ≤1.21.2 contains an out-of-bounds read in its HEIF/AVIF sequence-parsing logic. A malformed file with `stco.entry_count == 0` (no chunks) but `saiz.sample_count > 0` causes the `SampleAuxInfoReader` constructor to dereference `chunks[0]` on an empty vector, resulting in denial of service. ## Affected Products - **Product:** libheif - **Versions:** 1.21.2 and prior - **Fixed in:** 1.22.0 [truncated]
CVE-2026-32882 is a heap buffer over-read in libheif’s overlay compositing path. A crafted HEIF file can trigger the flaw when the child image uses a different alpha-channel bit depth than its color channels. The issue can crash the decoder and may also leak adjacent heap data into output pixels. The vulnerability affects libheif 1.21.2 and earlier and is fixed in 1.22.0.
CVE-2026-32814 affects libheif versions 1.21.2 and earlier when decoding HEIF grid images with the default strict_decoding=false setting. A corrupted tile can fail without an error, leaving part of the output canvas unwritten and exposing uninitialized heap memory as decoded pixel data. The library still returns heif_error_Ok, so callers may trust output that contains heap garbage. The issue is fixed in l [truncated]
CVE-2026-32741 describes a heap buffer overflow in libheif’s mask image decoding path. A crafted HEIF file containing a mask image can cause MaskImageCodec::decode_mask_image() to copy attacker-controlled extent data into a destination buffer that was sized from the declared image dimensions, creating a heap overwrite. The issue is fixed in libheif 1.22.0.
CVE-2026-32740 is a high-severity heap-buffer-overflow write in libheif’s grid tile compositing path. A crafted HEIF/AVIF file with a 1×4 grid of odd-height tiles can trigger a write of attacker-controlled chroma data past the end of a heap allocation during normal decoding. The issue affects libheif 1.21.2 and earlier and is fixed in 1.22.0.
CVE-2026-32738 is a denial-of-service issue in libheif. A crafted HEIF sequence file can be parsed without error, but later trigger a crash when sample data is accessed. The supplied record says the issue was published on 2026-05-19 and fixed in libheif 1.22.0.