A vulnerability classified as critical has been found in strukturag libheif up to 1.21.x . Affected by this vulnerability is the function MaskImageCodec::decode_mask_image of the component AVIF File Handler . The manipulation leads to heap-based buffer overflow. This vulnerability is uniquely identified as CVE-2026-32741 . The attack is possible to be carried out remotely. No exploit exists. It is recommended to upgrade the affected component.