| Title | strukturag libheif 1.21.2 Out-of-Bounds Read |
|---|
| Description | This vulnerability is a sequence–track consistency validation flaw in libheif. A crafted file can declare more samples in stsz/stts than are actually covered by stsc. Track::load fails to reject this inconsistent state, allowing it to propagate. As a result, Track::init_sample_timing_table may compute an out-of-range chunkIdx, and Track_Visual::decode_next_image_sample subsequently dereferences m_chunks[chunkIdx] without proper bounds checking. This leads to a heap out-of-bounds read and a process crash (DoS). |
|---|
| Source | ⚠️ https://github.com/strukturag/libheif/issues/1715 |
|---|
| User | Niebelungen (UID 95430) |
|---|
| Submission | 02/24/2026 11:34 (4 months ago) |
|---|
| Moderation | 03/11/2026 13:03 (15 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 350382 [strukturag libheif up to 1.21.2 stsz/stts track.cc Track::load out-of-bounds] |
|---|
| Points | 20 |
|---|