Submeter #766431: strukturag libheif 1.21.2 Out-of-Bounds Readinformação

Títulostrukturag libheif 1.21.2 Out-of-Bounds Read
DescriçãoThis vulnerability is a sequence–track consistency validation flaw in libheif. A crafted file can declare more samples in stsz/stts than are actually covered by stsc. Track::load fails to reject this inconsistent state, allowing it to propagate. As a result, Track::init_sample_timing_table may compute an out-of-range chunkIdx, and Track_Visual::decode_next_image_sample subsequently dereferences m_chunks[chunkIdx] without proper bounds checking. This leads to a heap out-of-bounds read and a process crash (DoS).
Fonte⚠️ https://github.com/strukturag/libheif/issues/1715
Utilizador
 Niebelungen (UID 95430)
Submissão24/02/2026 11h34 (há 3 meses)
Moderação11/03/2026 13h03 (15 days later)
EstadoAceite
Entrada VulDB350382 [strukturag libheif até 1.21.2 stsz/stts track.cc Track::load Divulgação de Informação]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!