PT-2026-24799 · Struktur Ag · Libheif

Niebelungen

Publicado

2026-02-23

Atualizado

2026-05-28

CVE-2026-3950

CVSS v3.1

3.3

Baixa

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions strukturag libheif versions up to 1.21.2

Description A flaw exists in strukturag libheif, specifically within the Track::load function located in the libheif/sequences/track.cc file, related to the stsz/stts component. This can lead to an out-of-bounds read condition. The attack requires local access. An exploit for this issue is publicly available.

Recommendations Apply a patch to address this issue. Note that the available patch is currently unofficial and not yet approved.

Exploit

Correção

Buffer Overflow

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-125

Identificadores relacionados

BDU:2026-05076

CVE-2026-3950

ECHO-D166-5C0F-238B

OPENSUSE-SU-2026:10878-1

Produtos afetados

Libheif

PT-2026-24799 · Struktur Ag · Libheif

CVE-2026-3950

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 34