Full Disclosure mailing list archives

libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty


From: Ron E <ronaldjedgerson () gmail com>
Date: Sat, 23 Aug 2025 10:22:34 -0400

During construction of a Track_Visual object, corrupted sequence metadata
can leave a std::vector<unsigned> uninitialized. When .empty() is called,
it attempts to dereference a null object.

*Root Cause:*

   - Missing input validation when constructing vectors from parsed boxes.

*Impact:*

   - Application crash (DoS).
   - Not exploitable for code execution.

*Evidence:*

==1174955==ERROR: AddressSanitizer: SEGV in std::vector<unsigned>::empty()
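The pattern the advisory describes, as an added illustration that is not libheif's code: a parsed-box pointer that corrupted metadata leaves null, a track constructor that calls .empty() through it, and a checked version that reports a parse error instead. All types, the byte format and the function names below are hypothetical stand-ins.

```cpp
#include <cstdint>
#include <memory>
#include <optional>
#include <vector>

// Hypothetical stand-in for a parsed box carrying per-sample metadata for a
// track (constructed for illustration; not libheif's Track_Visual internals).
struct SampleTableBox {
    std::vector<unsigned> entries;  // e.g. per-sample values read from the box
};

// Parsed container for one track. In a corrupted file the sample table box
// may be missing or malformed, which leaves this pointer null.
struct ParsedTrack {
    std::shared_ptr<SampleTableBox> sample_table;  // null when the box is absent
};

// Hypothetical parser for a constructed byte format: first byte 0x01 means the
// box is present and the remaining bytes are its entries; 0x00 means absent.
ParsedTrack parse_track(const std::vector<uint8_t>& data) {
    ParsedTrack t;
    if (data.empty() || data[0] == 0x00) return t;   // box absent -> null pointer
    auto box = std::make_shared<SampleTableBox>();
    for (size_t i = 1; i < data.size(); ++i) box->entries.push_back(data[i]);
    t.sample_table = box;
    return t;
}

// Vulnerable pattern: the track constructor assumes the box was parsed and
// calls .empty() through the null pointer. That is the crash class the
// advisory reports (SEGV inside std::vector<unsigned>::empty()).
bool track_has_samples_unchecked(const ParsedTrack& t) {
    return !t.sample_table->entries.empty();  // undefined behaviour if null
}

// Hardened pattern: validate that the box exists before touching its vector
// and surface a parse failure (nullopt) rather than dereferencing null.
std::optional<bool> track_has_samples_checked(const ParsedTrack& t) {
    if (!t.sample_table) return std::nullopt;  // corrupted or missing metadata
    return !t.sample_table->entries.empty();
}
```

Fuzzing a real parser with AddressSanitizer enabled, as in the evidence line above, is how the unchecked path is typically caught; the checked version turns the same input into a handled error.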
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/