CVE-2026-47709
Public on 2026-07-02
Modified on 2026-07-02
Description
libheif crashes in the public C API heif_image_handle_get_image_tiling() when a malformed uncompressed HEIF image item has an associated uncC property but no associated ispe property. In debug builds this trips the ispe && uncC assertion in ImageItem_uncompressed::get_heif_image_tiling(). In a release/NDEBUG ASan build, the same file causes a null pointer read at address 0xa8.
Severity
CVSS v3 Base Score
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | libheif | | | Pending Fix |
CVSS Scores
| | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 6.2 | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |