← Back to blog

Critical libheif Flaws Enable DoS and Code Execution Attacks

Ubuntu security patches address five vulnerabilities in libheif image library affecting Ubuntu 24.04 LTS and newer versions. Attackers could exploit malformed HEIF/AVIF files to trigger denial of service or arbitrary code execution.

TL;DR

  • Five CVEs patched in libheif affecting Ubuntu 24.04 LTS, 25.10, and 26.04 LTS
  • Malformed HEIF sequence files can trigger infinite loops and resource exhaustion
  • Crafted HEIF/AVIF images may enable arbitrary code execution, not just DoS
  • Mask image handling flaws present additional attack surface for remote exploitation
  • Immediate patching recommended for systems processing untrusted image files

Ubuntu has released security updates addressing five vulnerabilities in libheif, a widely-used library for encoding and decoding High Efficiency Image Format (HEIF) and AVIF files. Researcher Elhanan Haenel discovered multiple flaws that allow attackers to craft malicious image files capable of triggering denial of service conditions or executing arbitrary code on affected systems.

The vulnerabilities span multiple Ubuntu LTS and interim releases, with the most severe issues affecting image processing pipelines in web applications, content management systems, and media servers. Organizations relying on libheif for image handling should prioritize patching to prevent remote exploitation through untrusted image uploads or processing.

Vulnerability Details and Attack Vectors

  • CVE-2026-32738 and CVE-2026-32739 involve malformed HEIF sequence files causing denial of service through resource exhaustion and infinite loops
  • CVE-2026-32740 affects crafted HEIF/AVIF files with potential for arbitrary code execution beyond simple DoS
  • CVE-2026-32741 targets mask image handling in HEIF files, enabling both DoS and code execution on Ubuntu 24.04 LTS and newer
  • Attack surface includes any application accepting user-supplied HEIF or AVIF image files without strict validation

Affected Systems and Mitigation

  • Ubuntu 24.04 LTS, 25.10, and 26.04 LTS require immediate security updates
  • Web applications and services processing images from untrusted sources face highest risk
  • Implement input validation and sandboxing for image processing operations
  • Apply Ubuntu security patches USN-8454-1 immediately across affected infrastructure
  • Consider restricting HEIF/AVIF support if not essential to application functionality

Sources

Sources

Security email updates

One digest email when we publish new security articles (TL;DR plus links to read more). Unsubscribe anytime from the message footer. See our Privacy Policy.

Critical libheif Flaws Enable DoS and Code Execution Attacks — Agent Breach Blog | Agent Breach