Libheif · Libheif · CVE-2026-41069
**Name of the Vulnerable Software and Affected Versions**
libheif versions prior to 1.21.3
**Description**
An out-of-bounds read can occur in the core sequence parsing logic when processing a malformed HEIF sequence file, leading to a Denial of Service (DoS). This happens when a file sets `stco.entry_count` to 0, so no chunks are created, while `saiz.sample_count` is greater than 0. In chunked mode, the `SampleAuxInfoReader` constructor enters a loop that dereferences `chunks[0]`, which is out of bounds because the chunk list is empty.
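A pre-parse triage check for the condition described above, as an added example (not libheif code): it walks the ISOBMFF box tree and reports sample tables where `stco` has `entry_count` 0 but `saiz` has `sample_count` greater than 0. The function names and the sample bytes are constructed for illustration; `co64` chunk tables and fragmented (`moof`) tracks are not examined.

```python
import struct
CONTAINERS = {b"moov", b"trak", b"mdia", b"minf"}  # boxes that only hold child boxes

def iter_boxes(buf, start, end):
    """Yield (type, payload_start, payload_end) for each well-formed box."""
    pos = start
    while pos + 8 <= end:
        size, btype = struct.unpack_from(">I4s", buf, pos)
        header = 8
        if size == 1 and pos + 16 <= end:      # 64-bit largesize follows the type
            size, header = struct.unpack_from(">Q", buf, pos + 8)[0], 16
        elif size == 0:                        # box runs to the end of its container
            size = end - pos
        if size < header or pos + size > end:
            return                             # truncated or malformed: stop here
        yield btype, pos + header, pos + size
        pos += size

def stco_entry_count(buf, s, e):  # FullBox header (4 bytes), then uint32 entry_count
    return struct.unpack_from(">I", buf, s + 4)[0] if e - s >= 8 else None

def saiz_sample_count(buf, s, e):
    flags = int.from_bytes(buf[s + 1:s + 4], "big")
    # flags & 1 adds aux_info_type + parameter (8 bytes); then default_sample_info_size
    off = s + 4 + (8 if flags & 1 else 0) + 1
    return struct.unpack_from(">I", buf, off)[0] if off + 4 <= e else 0

def find_empty_chunk_tables(buf, start=0, end=None):
    """Yield payload offsets of stbl boxes with stco.entry_count == 0
    and saiz.sample_count > 0 (the inconsistent state the advisory describes)."""
    end = len(buf) if end is None else end
    for btype, s, e in iter_boxes(buf, start, end):
        if btype == b"stbl":
            kids = list(iter_boxes(buf, s, e))
            chunks = [stco_entry_count(buf, cs, ce) for t, cs, ce in kids if t == b"stco"]
            samples = [saiz_sample_count(buf, cs, ce) for t, cs, ce in kids if t == b"saiz"]
            if chunks and all(c == 0 for c in chunks) and any(n > 0 for n in samples):
                yield s
        elif btype in CONTAINERS:
            yield from find_empty_chunk_tables(buf, s, e)

# Constructed sample input: a bare box skeleton, not a complete HEIF file.
def box(btype, payload=b""):
    return struct.pack(">I4s", 8 + len(payload), btype) + payload

def sample(entry_count, sample_count):
    inner = box(b"stco", struct.pack(">II", 0, entry_count) + b"\0" * 4 * entry_count)
    inner += box(b"saiz", struct.pack(">IBI", 0, 8, sample_count))
    for parent in (b"stbl", b"minf", b"mdia", b"trak", b"moov"):
        inner = box(parent, inner)
    return inner
```

Files flagged by `find_empty_chunk_tables` can be quarantined or rejected before they reach a decoder that has not been updated.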
**Recommendations**
Update to a version later than 1.21.2.