Ubuntu alert USN-7952-1 (libheif)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-7952-1] libheif vulnerabilities | |
| Date: | Mon, 12 Jan 2026 05:43:55 +0000 | |
| Message-ID: | <E1vfAiZ-0005uL-8m@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-7952-1 January 12, 2026 libheif vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in libheif. Software Description: - libheif: An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder Details: It was discovered that libheif did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-25269) Aldo Ristori discovered that libheif did not correctly handle certain memory operations. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2025-68431) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libheif1 1.20.2-1ubuntu0.1 Ubuntu 25.04 libheif1 1.19.7-1ubuntu0.1 Ubuntu 24.04 LTS libheif1 1.17.6-1ubuntu4.2 Ubuntu 22.04 LTS libheif1 1.12.0-2ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libheif1 1.6.1-1ubuntu0.1~esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS libheif1 1.1.0-2ubuntu0.1~esm2 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7952-1 CVE-2024-25269, CVE-2025-68431 Package Information: https://launchpad.net/ubuntu/+source/libheif/1.20.2-1ubun... https://launchpad.net/ubuntu/+source/libheif/1.19.7-1ubun... https://launchpad.net/ubuntu/+source/libheif/1.17.6-1ubun...
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmlkh8QACgkQcpJm3tlz hgFBeQ//XL9QN5VV/Ruv0aU+tvztKbqhI5zhwBLSfhFzzZ4uU26NmQp9VzGYA0XU N5Ofksso/s3GjjKkVbMqeLgeW4cf/+pILOvvKU0274TXGsO7KGXW3GumWjWLFoCz r7lfZLBIaexY4NinhbBnSqxEnw2jdDyeOTXPYFGM2+LBWDLbiOfrKgfvavUYnJrc kBPEKYEXVCHJxwVWgaBmjIFLBzrKjTI6S1PK2ZI+K2TmbSTs0LSwDrfZnWLNrHuY q++gikK/46E54NFDl7hC0xP8iOJkLZzCToTdMOFALxBID88mdGDbo7+dyCtF5CpK 6FbrsAcDT/0lZ3Cp+DUBGI0FfqJGZ4ziP+PGP7RsJBv8XUQuviti9vjmrKtoP9CQ ZmQmB5tUL5DZd3/eiLA3ZuARinHILgZQuvlOeLi09+jWB0z6CSrFrRtSVSbnb3ft mvv+Tadadv1iQAt85wVGETMxd8Yw/cZMiU5lmAyiSoCASxAYO6oyUUrkDTCmij+I NOSJfQXxGi0+5C9oLKHqLEDhN6ayBahllligaTVor6vAjwX4UYC+uj0bVk8J7Xfr 7T6pe6UWZu+sE3hBLVbpEtMpQqnXDcLGvwQx4ulkkl+2EBmUezXRbuQG97M5e1sc PakQNQbf1vVVKQ0cNmvZpuwYIcnUxniZ9k8pgC7+Dz8iCobzzvY= =QyLH -----END PGP SIGNATURE-----