Not a user yet?
Log in Register for free Suggest a product
Update

USN-7952-1: libheif vulnerabilities

Ubuntu DesktopUbuntu Desktop
Canonical

USN-7952-1: libheif vulnerabilities

Publication date: 12 January 2026
Overview: Several security issues were fixed in libheif.

Packages
libheif - An ISO/IEC 23008-12:2017 HEIF and AVIF file format decoder and encoder

Details
It was discovered that libheif did not correctly handle certain memory
operations. An attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS
and Ubuntu 24.04 LTS. (CVE-2024-25269)

Aldo Ristori discovered that libheif did not correctly handle certain
memory operations. An attacker could possibly use this issue to cause a
denial of service or execute arbitrary code. (CVE-2025-68431)

Update instructions
In general, a standard system update will make all the necessary changes.

The problem can be corrected by updating your system to the following package versions:

25.10 questing

  • libheif1 – 1.20.2-1ubuntu0.1

25.04 plucky

  • libheif1 – 1.19.7-1ubuntu0.1

24.04 LTS noble

  • libheif1 – 1.17.6-1ubuntu4.2

22.04 LTS jammy

  • libheif1 – 1.12.0-2ubuntu0.1~esm2

20.04 LTS focal

  • libheif1 – 1.6.1-1ubuntu0.1~esm2

18.04 LTS bionic

  • libheif1 – 1.1.0-2ubuntu0.1~esm2
More updatesTo the product
The manufacturer Canonical has not yet set up its devicebase profile. Content such as updates, compatibilities and support may only be maintained with a delay.
Receive Important Update Messages Stay tuned for upcoming Canonical updates

More from the Operating Systems section

Was the content helpful to you?

Advertisement Advertise here?
Udemy IT certification ad