Critical Vulnerabilities in libheif Affect Ubuntu Users

Multiple vulnerabilities in the libheif library were discovered by Elhanan Haenel, affecting Ubuntu 25.10 and Ubuntu 26.04 LTS. These vulnerabilities could lead to denial of service or arbitrary code execution through malformed HEIF/AVIF files. Specific CVEs include CVE-2026-32738, CVE-2026-32739, CVE-2026-32740, and CVE-2026-32741, all published on 2026-05-19. Users are advised to update their systems to mitigate these risks. The vulnerabilities exploit improper handling of image files, potentially allowing attackers to consume excessive resources or execute malicious code. The issues have been confirmed and patches are available for affected versions.

Key Points: • libheif vulnerabilities could lead to denial of service or arbitrary code execution. • Affected systems include Ubuntu 25.10 and 26.04 LTS with specific CVEs published on 2026-05-19. • Users are urged to update their systems to the latest package versions to mitigate risks.