
Full Disclosure mailing list archives
libheif v1.21.0 Null Pointer Dereference in std::vector<unsigned>::empty
From: Ron E <ronaldjedgerson () gmail com>
Date: Sat, 23 Aug 2025 10:22:34 -0400
During construction of a Track_Visual object, corrupted sequence metadata can leave a std::vector<unsigned> uninitialized. When .empty() is called, it attempts to dereference a null object.

*Root Cause:*
- Missing input validation when constructing vectors from parsed boxes.

*Impact:*
- Application crash (DoS).
- Not exploitable for code execution.

*Evidence:*
==1174955==ERROR: AddressSanitizer: SEGV in std::vector<unsigned>::empty()

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
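The report attributes the crash to a vector that is only populated when box parsing succeeds, so a caller that assumes the object always exists dereferences null on corrupted input. The following is an added illustration of that pattern and of the defensive fix, written for this archive page; it is not libheif's code and uses a made-up box layout (a 4-byte big-endian entry count followed by that many 4-byte entries, all constructed inline). The unsafe track leaves its vector pointer null when the claimed count exceeds the bytes present; the hardened track validates the count against the payload length, always owns a valid (possibly empty) vector, and reports a parse error instead of trusting the metadata.

```cpp
#include <cassert>
#include <cstdint>
#include <memory>
#include <optional>
#include <vector>

// Hypothetical box: 4-byte big-endian count, then `count` 4-byte entries.
// Constructed for this example only; not libheif's on-disk format.
struct Box { std::vector<uint8_t> payload; };

// Bounds-checked big-endian 32-bit read; nullopt if the field is truncated.
static std::optional<uint32_t> read_be32(const std::vector<uint8_t>& buf, size_t off) {
    if (off + 4 > buf.size()) return std::nullopt;
    return (uint32_t(buf[off]) << 24) | (uint32_t(buf[off + 1]) << 16) |
           (uint32_t(buf[off + 2]) << 8) | uint32_t(buf[off + 3]);
}

// Build a box from constructed entries. `claimed_count`, when given, lets a
// test fabricate metadata that disagrees with the bytes actually present.
static Box make_box(const std::vector<uint32_t>& entries,
                    std::optional<uint32_t> claimed_count = std::nullopt) {
    Box b;
    auto put = [&](uint32_t v) {
        b.payload.push_back(uint8_t(v >> 24)); b.payload.push_back(uint8_t(v >> 16));
        b.payload.push_back(uint8_t(v >> 8));  b.payload.push_back(uint8_t(v));
    };
    put(claimed_count ? *claimed_count : uint32_t(entries.size()));
    for (uint32_t e : entries) put(e);
    return b;
}

// Pattern the report describes: the vector object only comes into existence
// when parsing fully succeeds, so corrupted metadata leaves a null pointer
// that later code dereferences via ->empty().
struct TrackUnsafe {
    std::shared_ptr<std::vector<unsigned>> sample_sizes;  // null until parsed
    void parse(const Box& box) {
        auto count = read_be32(box.payload, 0);
        if (!count) return;                                // still null
        auto v = std::make_shared<std::vector<unsigned>>();
        for (uint32_t i = 0; i < *count; ++i) {
            auto e = read_be32(box.payload, 4 + 4 * size_t(i));
            if (!e) return;                                // partial failure: still null
            v->push_back(*e);
        }
        sample_sizes = v;
    }
};

enum class ParseResult { Ok, Truncated, CountTooLarge };

// Hardened pattern: validate the claimed count against the payload before
// building anything, keep a by-value vector so it is never null, and surface
// a parse error that the caller must handle.
struct TrackSafe {
    std::vector<unsigned> sample_sizes;   // always a valid object
    bool parsed = false;
    ParseResult parse(const Box& box) {
        auto count = read_be32(box.payload, 0);
        if (!count) return ParseResult::Truncated;
        size_t available_entries = (box.payload.size() - 4) / 4;
        if (*count > available_entries) return ParseResult::CountTooLarge;
        sample_sizes.clear();
        sample_sizes.reserve(*count);
        for (uint32_t i = 0; i < *count; ++i)
            sample_sizes.push_back(*read_be32(box.payload, 4 + 4 * size_t(i)));
        parsed = true;
        return ParseResult::Ok;
    }
    bool has_samples() const { return parsed && !sample_sizes.empty(); }  // no null deref possible
};

// Helpers exposing the outcomes for checking.
bool unsafe_leaves_null(const Box& box) { TrackUnsafe t; t.parse(box); return t.sample_sizes == nullptr; }
ParseResult safe_parse(const Box& box)  { TrackSafe t; return t.parse(box); }
bool safe_has_samples(const Box& box)   { TrackSafe t; t.parse(box); return t.has_samples(); }

int main() {
    Box good = make_box({100, 200});
    Box corrupted = make_box({100}, 1000);   // claims 1000 entries, carries one
    assert(!unsafe_leaves_null(good));
    assert(unsafe_leaves_null(corrupted));   // the state that precedes the reported SEGV
    assert(safe_parse(corrupted) == ParseResult::CountTooLarge);
    assert(safe_has_samples(good));
    return 0;
}
```

The corrupted box is the interesting case: the unsafe track silently ends up with a null pointer, while the safe track rejects the box up front and its accessor stays well-defined whether or not parsing succeeded.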