SUSE-SU-2026:22153-1: important: Security update for libheif
SLE-SECURITY-UPDATES
null at suse.de
Tue Jun 23 16:44:10 UTC 2026
# Security update for libheif
Announcement ID: SUSE-SU-2026:22153-1
Release Date: 2026-06-17T08:37:36Z
Rating: important
References:
* bsc#1255735
* bsc#1259541
* bsc#1259544
* bsc#1265874
* bsc#1265875
* bsc#1265876
* bsc#1265877
* bsc#1265878
* bsc#1265879
* bsc#1265979
* bsc#1265980
* bsc#1265981
* bsc#1265982
* bsc#1265983
* bsc#1265987
* bsc#1265988
* bsc#1265989
* bsc#1265990
* bsc#1265992
* bsc#1265995
* bsc#1265996
* bsc#1265997
* bsc#1266281
* bsc#1266282
* bsc#1267455
Cross-References:
* CVE-2025-68431
* CVE-2026-32738
* CVE-2026-32739
* CVE-2026-32740
* CVE-2026-32741
* CVE-2026-32814
* CVE-2026-32882
* CVE-2026-3949
* CVE-2026-3950
* CVE-2026-41069
* CVE-2026-41071
* CVE-2026-47178
* CVE-2026-47247
* CVE-2026-47251
* CVE-2026-47254
* CVE-2026-47709
* CVE-2026-47714
* CVE-2026-48029
* CVE-2026-49271
* CVE-2026-50142
CVSS scores:
* CVE-2025-68431 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-68431 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68431 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2025-68431 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32738 ( SUSE ): 6.0
CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32738 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32738 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32738 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32739 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32739 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32739 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-32740 ( SUSE ): 8.5
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32740 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-32740 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
* CVE-2026-32741 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32741 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-32741 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H
* CVE-2026-32814 ( SUSE ): 5.7
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-32814 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-32814 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
* CVE-2026-32882 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-32882 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-32882 ( NVD ): 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-3949 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3949 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3949 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3949 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3950 ( SUSE ): 4.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-3950 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-3950 ( NVD ): 1.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-3950 ( NVD ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-41069 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41069 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41069 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-41071 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-41071 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-41071 ( NVD ): 5.1
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2026-41071 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
* CVE-2026-47178 ( SUSE ): 8.6
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47178 ( SUSE ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2026-47247 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-47247 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-47251 ( SUSE ): 6.8
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47251 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-47254 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47254 ( SUSE ): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
* CVE-2026-47709 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47709 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-47714 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-47714 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-48029 ( SUSE ): 7.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-48029 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H
* CVE-2026-49271 ( SUSE ): 6.7
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-49271 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-49271 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
* CVE-2026-50142 ( SUSE ): 6.9
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-50142 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
* SUSE Linux Enterprise Server 16.0
* SUSE Linux Enterprise Server for SAP applications 16.0
An update that solves 20 vulnerabilities and has five fixes can now be
installed.
## Description:
This update for libheif fixes the following issues
Update to 1.23.0:
* CVE-2025-68431: heap buffer over-read in `HeifPixelImage: overlay()` via
crafted HEIF that exercises the overlay image item (bsc#1255735).
* CVE-2026-3949: manipulation of the argument size of a malicious frame can
lead to out-of-bounds read (bsc#1259541).
* CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-
bounds read (bsc#1259544).
* CVE-2026-32738: Heap OOB Read / SEGV Crash via Zero samples_per_chunk in
stsc (bsc#1265874).
* CVE-2026-32739: Infinite Loop DoS in stts Sample Duration Lookup
(bsc#1265875).
* CVE-2026-32740: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing
(bsc#1265876).
* CVE-2026-32741: heap buffer overflow in decode_mask_image() (bsc#1265877).
* CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid
Tiles (bsc#1265878).
* CVE-2026-32882: Heap Buffer OOB Read in overlay compositing due to wrong
alpha stride (bsc#1265879).
* CVE-2026-41069: Out-of-bounds vector access leading to invalid dereference
(bsc#1265979).
* CVE-2026-41071: Heap buffer over-read in SampleAuxInfoReader via crafted
HEIF sequence file with mismatched saiz sample count (bsc#1265980).
* CVE-2026-47178: Heap Out Of Bounds Write in unci subsystem (bsc#1265981).
* CVE-2026-47247: Heap Information Disclosure via Grid Image Gap +
Uninitialized Pixel Plane Allocation (bsc#1265982).
* CVE-2026-47251: integer overflow bypass in vvdec_push_data2 (bsc#1265983).
* CVE-2026-47254: Heap Buffer Overflow in `Track: get_next_sample_raw_data()`
\-- OOB Chunk Vector Access (bsc#1265987).
* CVE-2026-47709: NULL pointer dereference in
heif_image_handle_get_image_tiling for malformed unci image missing ispe
(bsc#1265988).
* CVE-2026-47714: Integer overflow in inline mask size calculation causes
undersized buffer allocation (bsc#1265989).
* CVE-2026-48029: heap OOB read in ImageItem_Grid: decode_grid_tile via irot-
induced tile-coordinate underflow (bsc#1265990).
* CVE-2026-49271: Wrapped icef compressed-unit range check causes out-of-
bounds read in uncompressed HEIF decoder (bsc#1266282).
* CVE-2026-50142: unbounded heap allocation in HEIF sequence parser
(bsc#1267455).
* Heap buffer overflow via uint32_t stride overflow in image plane allocation
(+ 2 additional instances) (bsc#1265997).
* Incorrect byte-count initialization in BitstreamRange constructor allows
container-boundary check bypass (bsc#1265995).
* Integer Overflow in SampleAuxInfoReader Offset Calculation (bsc#1265992).
* Out-of-bounds read and assertion-based DoS in EXIF parsing (find_exif_tag /
read32) with short EXIF TIFF payload (bsc#1265996).
* Out-of-bounds write in inline mask region API when source mask exceeds
declared region (bsc#1266281).
* update to 1.23.0:
* add API functions to read and write metadata: ambient viewing environment
nominal diffuse white luminance
* update to 1.22.2:
* adds a output_image_nclx_profile_passthrough option to heif_decoding_options
* build issues with OpenJPEG plugin (#1813)
* non-plain C in header (#1812)
* update to 1.22.0:
* This is a large release with substantial new functionality, mainly focusing
on generalized image formats (e.g., multi- spectral images) and a reworked
implementation of ISO/IEC 23001-17 (lossless image codec).
* HDR up to 64 bpp
* Multi-component images with arbitrary component layouts (multi-spectral
images, arbitrary non-visual data)
* Filter-array (Bayer / mosaic) images, with debayering in color
transformation pipeline
* Metadata: chroma-sample location (cloc), sample non- uniformity (snuc),
sensor bad-pixel map (sbpm), polarization pattern (splz)
* heif-dec can now convert to WebP (thanks to @torusrxxx).
* heif-enc can now accept input from WebP, HEIF, pure raw files (including
floating point pixel data), and CMYK JPEG (converted to RGB).
* TIFF input can now read many TIFF formats used in geospatial imaging, like:
16-bit, signed integers, float samples, tiled TIFFs, GeoTIFF overview
images, CMYK JPEG, YCbCr-as-JPEG. TIFFs with image tiling and multi-
resolution layers are now reproduced as HEIFs when converted.
* PNG decoder/encoder: cICP, cLLI, and mDCV chunk support (#1697).
* heif-dec: auto-correct option to fix known input errors (e.g. mismatched
NCLX/VUI).
* Image, Track, Sequence samples, image component GIMI content IDs
* Embedding of Turtle (.ttl) metadata files; automatic parsing of GIMI content
IDs from Turtle
* AOM encoder plugin now auto-selects IQ tune mode
* mini-box syntax updated to the current HEIF version 4 draft (thanks @bradh
for the initial implementation)
* unif brand (globally-unique-ID) support
* OMAF (omnidirectional images): indicate ISO/IEC 23000-22
spherical/omnidirectional image projection
* alpha bit-depth tracked through the color-conversion pipeline
* ## Build / CI
* requires C++20
* oss-fuzz integration overhauled
* fuzzers for tile API, generic API surface, and per-codec encoders
* update to 1.21.2:
* build script for JS/WASM now supports building with JPEG2000 and
"ISO23001-17 Uncompressed" support.
* image sequence SAI data now works when using the OpenH264 decoder plugin
* update to 1.21.1:
* This patch release only fixes a build error with some GCC versions because
of a missing #include.
* update to 1.21.0:
* This release adds full support for reading and writing HEIF image sequences.
libheif will now encode HEIF image sequences with all included codecs.
* Since HEIF image sequences are very similar to MP4 videos, this new version
is also capable of decoding most MP4 videos (without audio, of course).
* heif-enc documentation for sequence encoding
* API documentation for reading and writing sequences
* Support for image sequences with alpha channels. For most codecs, the alpha
channel will be stored in a separate, auxiliary, monochrome track. For
ISO/IEC 23001-17 (uncompressed) streams, the alpha channel is stored in the
main video track.
* Support for sequence track edit lists to define the number of sequence
repetitions (without actually repeating the video data).
* New encoder plugin using x264 to write H.264-compressed video streams and
images.
* The FFmpeg decoder plugin will now decode both H.265 and H.264.
* Support for HEIF text items and language properties.
* version 1.20 requires at least ffmpeg 4, so go with version 7+
* update to 1.20.2:
* When opening tiled images, do not check against maximum image size
immediately to allow for tile-based decoding of very large images.
* Several smaller fixes in writing image sequences
* CMake option to disable building of heif-view, which pulls in dependency on
SDL
* Fixes reading/writing of GIMI content IDs
* Some build fixes
* Remove conditionals for openh264, we can build against noopenh264
* update to 1.20.1:
* Fixes a bug in decoder plugin loading.
* Changes from 1.20.0:
* Sequences:
* API for reading and writing image sequences. You can read and write
sequences for all codecs (not just H.265 / AV1, but also JPEG-2000,
ISO-23001-17 uncompressed, ...). Currently only intra-coded sequences are
supported.
* API for reading and writing metadata sequences. The metadata tracks can
contain any raw timed data.
* Support for SAI (sample auxiliary information). Timed samples (from image
sequences or metadata) can have auxiliary data attached. Currently we
support TAI timestamps and GIMI content description IDs.
* Support for track references.
* The API for sequences is described here:
https://github.com/strukturag/libheif/wiki/Reading-and-Writing-Sequences
* New command line tool heif-view to show HEIF sequences (requires libSDL).
* Other new features:
* You can specify a security limit for the maximum total memory libheif may
use for decoding. This is easier to handle than specifying limits on the
maximum image size or single memory allocations.
* Support for TAI timestamps (in images and sequences) has been promoted from
experimental to stable.
* FFMPEG plugin now supports HDR decoding
* Header files are now split into individual headers by topic. However, it
should still be backwards compatible with heif.h being a catch-all covering
the old content. For new functionality (sequences, TAI), you will need to
include the specific headers.
* All struct names of the API are now also typedefs.
* add build requires for brotli which it looks for since 1.18
* prepare building heif-view
* update to 1.19.8:
* Set essential flag for transformative properties as required by MIAF. This
fixes the display of AVIF images with transformations encoded by libheif in
Chrome, which checks whether this flag is set. This mainly affected images
encoded by ImageMagick.
* If the environment variable LIBHEIF_SECURITY_LIMITS is set to OFF, libheif
will not check any security limits. This can be used if a user works with
large images and the application software does not allow to adjust the
libheif security limits.
* Resolved processing 16-bit JPEG-2000
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Server 16.0
zypper in -t patch SUSE-SLES-16.0-939=1
* SUSE Linux Enterprise Server for SAP applications 16.0
zypper in -t patch SUSE-SLES-16.0-939=1
## Package List:
* SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
* libheif-rav1e-debuginfo-1.23.0-160000.1.1
* libheif-rav1e-1.23.0-160000.1.1
* libheif-ffmpeg-1.23.0-160000.1.1
* libheif1-1.23.0-160000.1.1
* libheif-jpeg-debuginfo-1.23.0-160000.1.1
* libheif-aom-debuginfo-1.23.0-160000.1.1
* gdk-pixbuf-loader-libheif-1.23.0-160000.1.1
* gdk-pixbuf-loader-libheif-debuginfo-1.23.0-160000.1.1
* libheif-ffmpeg-debuginfo-1.23.0-160000.1.1
* libheif-jpeg-1.23.0-160000.1.1
* libheif-dav1d-1.23.0-160000.1.1
* libheif1-debuginfo-1.23.0-160000.1.1
* libheif-debugsource-1.23.0-160000.1.1
* libheif-dav1d-debuginfo-1.23.0-160000.1.1
* libheif-aom-1.23.0-160000.1.1
* libheif-openjpeg-1.23.0-160000.1.1
* libheif-openjpeg-debuginfo-1.23.0-160000.1.1
* SUSE Linux Enterprise Server for SAP applications 16.0 (x86_64)
* libheif-svtenc-1.23.0-160000.1.1
* libheif-svtenc-debuginfo-1.23.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
* libheif-rav1e-debuginfo-1.23.0-160000.1.1
* libheif-rav1e-1.23.0-160000.1.1
* libheif-ffmpeg-1.23.0-160000.1.1
* libheif1-1.23.0-160000.1.1
* libheif-jpeg-debuginfo-1.23.0-160000.1.1
* libheif-aom-debuginfo-1.23.0-160000.1.1
* gdk-pixbuf-loader-libheif-1.23.0-160000.1.1
* gdk-pixbuf-loader-libheif-debuginfo-1.23.0-160000.1.1
* libheif-ffmpeg-debuginfo-1.23.0-160000.1.1
* libheif-jpeg-1.23.0-160000.1.1
* libheif-dav1d-1.23.0-160000.1.1
* libheif1-debuginfo-1.23.0-160000.1.1
* libheif-debugsource-1.23.0-160000.1.1
* libheif-dav1d-debuginfo-1.23.0-160000.1.1
* libheif-aom-1.23.0-160000.1.1
* libheif-openjpeg-1.23.0-160000.1.1
* libheif-openjpeg-debuginfo-1.23.0-160000.1.1
* SUSE Linux Enterprise Server 16.0 (aarch64 x86_64)
* libheif-svtenc-1.23.0-160000.1.1
* libheif-svtenc-debuginfo-1.23.0-160000.1.1
## References:
* https://www.suse.com/security/cve/CVE-2025-68431.html
* https://www.suse.com/security/cve/CVE-2026-32738.html
* https://www.suse.com/security/cve/CVE-2026-32739.html
* https://www.suse.com/security/cve/CVE-2026-32740.html
* https://www.suse.com/security/cve/CVE-2026-32741.html
* https://www.suse.com/security/cve/CVE-2026-32814.html
* https://www.suse.com/security/cve/CVE-2026-32882.html
* https://www.suse.com/security/cve/CVE-2026-3949.html
* https://www.suse.com/security/cve/CVE-2026-3950.html
* https://www.suse.com/security/cve/CVE-2026-41069.html
* https://www.suse.com/security/cve/CVE-2026-41071.html
* https://www.suse.com/security/cve/CVE-2026-47178.html
* https://www.suse.com/security/cve/CVE-2026-47247.html
* https://www.suse.com/security/cve/CVE-2026-47251.html
* https://www.suse.com/security/cve/CVE-2026-47254.html
* https://www.suse.com/security/cve/CVE-2026-47709.html
* https://www.suse.com/security/cve/CVE-2026-47714.html
* https://www.suse.com/security/cve/CVE-2026-48029.html
* https://www.suse.com/security/cve/CVE-2026-49271.html
* https://www.suse.com/security/cve/CVE-2026-50142.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255735
* https://bugzilla.suse.com/show_bug.cgi?id=1259541
* https://bugzilla.suse.com/show_bug.cgi?id=1259544
* https://bugzilla.suse.com/show_bug.cgi?id=1265874
* https://bugzilla.suse.com/show_bug.cgi?id=1265875
* https://bugzilla.suse.com/show_bug.cgi?id=1265876
* https://bugzilla.suse.com/show_bug.cgi?id=1265877
* https://bugzilla.suse.com/show_bug.cgi?id=1265878
* https://bugzilla.suse.com/show_bug.cgi?id=1265879
* https://bugzilla.suse.com/show_bug.cgi?id=1265979
* https://bugzilla.suse.com/show_bug.cgi?id=1265980
* https://bugzilla.suse.com/show_bug.cgi?id=1265981
* https://bugzilla.suse.com/show_bug.cgi?id=1265982
* https://bugzilla.suse.com/show_bug.cgi?id=1265983
* https://bugzilla.suse.com/show_bug.cgi?id=1265987
* https://bugzilla.suse.com/show_bug.cgi?id=1265988
* https://bugzilla.suse.com/show_bug.cgi?id=1265989
* https://bugzilla.suse.com/show_bug.cgi?id=1265990
* https://bugzilla.suse.com/show_bug.cgi?id=1265992
* https://bugzilla.suse.com/show_bug.cgi?id=1265995
* https://bugzilla.suse.com/show_bug.cgi?id=1265996
* https://bugzilla.suse.com/show_bug.cgi?id=1265997
* https://bugzilla.suse.com/show_bug.cgi?id=1266281
* https://bugzilla.suse.com/show_bug.cgi?id=1266282
* https://bugzilla.suse.com/show_bug.cgi?id=1267455
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20260623/3eb42491/attachment.htm>
More information about the sle-security-updates
mailing list