CVE-2026-32814

medium Red Hat
CVSS v3 Base Score
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
None
Availability
None
Published: May 19, 2026 (51 days ago)
Last Modified: May 19, 2026
Vendor: Red Hat
Source: REDHAT

Description

A flaw was found in libheif, a HEIF and AVIF file format decoder and encoder. When processing a specially crafted HEIF or AVIF image containing a corrupted grid tile, the library fails to properly initialize memory. This can lead to an information disclosure, where uninitialized heap memory, potentially containing sensitive data such as authentication tokens or other user information, is exposed as part of the decoded image's pixel values. An attacker could exploit this by providing a malicious file, leading to the leakage of internal system data.

CWE

CWE-908

Affected Products

Red Hat Enterprise Linux 10

References