Description of the patch:
This update for libheif fixes the following issues
Update to 1.23.0:
- CVE-2025-68431: heap buffer over-read in
HeifPixelImage: overlay() via crafted HEIF that exercises the overlay image
item (bsc#1255735).
- CVE-2026-3950: manipulation of the component stsz/stts can lead to out-of-bounds read (bsc#1259544).
- CVE-2026-32738: Heap OOB Read / SEGV Crash via Zero samples_per_chunk in stsc (bsc#1265874).
- CVE-2026-32739: Infinite Loop DoS in stts Sample Duration Lookup (bsc#1265875).
- CVE-2026-32740: Heap-Buffer-Overflow Write in Grid Tile Chroma Compositing (bsc#1265876).
- CVE-2026-32741: heap buffer overflow in decode_mask_image() (bsc#1265877).
- CVE-2026-32814: Uninitialized Heap Memory Information Leak via Failed Grid Tiles (bsc#1265878).
- CVE-2026-32882: Heap Buffer OOB Read in overlay compositing due to wrong alpha stride (bsc#1265879).
- CVE-2026-41069: Out-of-bounds vector access leading to invalid dereference (bsc#1265979).
- CVE-2026-41071: Heap buffer over-read in SampleAuxInfoReader via crafted HEIF sequence file with mismatched saiz
sample count (bsc#1265980).
- CVE-2026-47178: Heap Out Of Bounds Write in unci subsystem (bsc#1265981).
- CVE-2026-47247: Heap Information Disclosure via Grid Image Gap + Uninitialized Pixel Plane Allocation (bsc#1265982).
- CVE-2026-47251: integer overflow bypass in vvdec_push_data2 (bsc#1265983).
- CVE-2026-47254: Heap Buffer Overflow in
Track: get_next_sample_raw_data() -- OOB Chunk Vector Access (bsc#1265987).
- CVE-2026-47709: NULL pointer dereference in heif_image_handle_get_image_tiling for malformed unci image missing ispe
(bsc#1265988).
- CVE-2026-47714: Integer overflow in inline mask size calculation causes undersized buffer allocation (bsc#1265989).
- CVE-2026-48029: heap OOB read in ImageItem_Grid: decode_grid_tile via irot-induced tile-coordinate underflow
(bsc#1265990).
- CVE-2026-49271: Wrapped icef compressed-unit range check causes out-of-bounds read in...