CVE-2026-32882: CWE-125: Out-of-bounds Read in strukturag libheif
A heap buffer over-read vulnerability exists in libheif versions 1. 21. 2 and earlier in the HeifPixelImage::overlay() function. This occurs when compositing an overlay image whose alpha channel bit depth differs from the color channels, causing out-of-bounds reads of the alpha buffer. Exploitation can lead to denial of service via application crash or potential disclosure of adjacent heap memory. The issue is fixed in libheif version 1. 22. 0.
AI Analysis
Technical Summary
libheif, a HEIF and AVIF file format decoder and encoder, contains a heap buffer over-read vulnerability in versions prior to 1.22.0. The flaw is in the HeifPixelImage::overlay() function where, during compositing of an overlay image with mismatched alpha and color channel bit depths, the alpha plane is incorrectly indexed using the color channel stride instead of the alpha stride. This results in reading beyond the allocated alpha buffer by up to 3,123 bytes for certain image dimensions and bit depths. A crafted HEIF file can exploit this to cause a crash or leak adjacent heap memory through the decoded pixel output. The vulnerability is tracked as CVE-2026-32882 and classified under CWE-125 (Out-of-bounds Read).
Potential Impact
Successful exploitation can cause a denial of service due to application crash or potentially disclose adjacent heap memory contents, leading to information leakage. The CVSS v3.1 base score is 7.1 (High), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact.
Mitigation Recommendations
Upgrade libheif to version 1.22.0 or later, where this vulnerability has been fixed. No other official remediation or temporary fixes are indicated. Patch status is confirmed fixed in 1.22.0.
CVE-2026-32882: CWE-125: Out-of-bounds Read in strukturag libheif
Description
A heap buffer over-read vulnerability exists in libheif versions 1. 21. 2 and earlier in the HeifPixelImage::overlay() function. This occurs when compositing an overlay image whose alpha channel bit depth differs from the color channels, causing out-of-bounds reads of the alpha buffer. Exploitation can lead to denial of service via application crash or potential disclosure of adjacent heap memory. The issue is fixed in libheif version 1. 22. 0.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
libheif, a HEIF and AVIF file format decoder and encoder, contains a heap buffer over-read vulnerability in versions prior to 1.22.0. The flaw is in the HeifPixelImage::overlay() function where, during compositing of an overlay image with mismatched alpha and color channel bit depths, the alpha plane is incorrectly indexed using the color channel stride instead of the alpha stride. This results in reading beyond the allocated alpha buffer by up to 3,123 bytes for certain image dimensions and bit depths. A crafted HEIF file can exploit this to cause a crash or leak adjacent heap memory through the decoded pixel output. The vulnerability is tracked as CVE-2026-32882 and classified under CWE-125 (Out-of-bounds Read).
Potential Impact
Successful exploitation can cause a denial of service due to application crash or potentially disclose adjacent heap memory contents, leading to information leakage. The CVSS v3.1 base score is 7.1 (High), reflecting network attack vector, low attack complexity, no privileges required, user interaction required, unchanged scope, low confidentiality impact, no integrity impact, and high availability impact.
Mitigation Recommendations
Upgrade libheif to version 1.22.0 or later, where this vulnerability has been fixed. No other official remediation or temporary fixes are indicated. Patch status is confirmed fixed in 1.22.0.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-03-16T21:03:44.420Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a0cc91dba1db47362ec07cf
Added to database: 5/19/2026, 8:33:33 PM
Last enriched: 5/19/2026, 8:48:35 PM
Last updated: 5/19/2026, 9:54:41 PM
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.