PT-2026-42834 · Libheif · Libheif

M1-Llie · Published 2026-05-22 · Updated 2026-05-28 · CVE-2026-41071

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions

libheif versions prior to 1.22.0

Description

A heap-buffer-overflow (out-of-bounds read) occurs in the SampleAuxInfoReader constructor when parsing a crafted HEIF sequence file. The issue arises because the constructor iterates over the number of samples declared in the saiz box using saiz->get_num_samples() without validating that this count is consistent with the number of chunks in the chunks vector. Consequently, if the saiz box declares more samples than the chunks cover, the loop increments current_chunk beyond the size of the chunks vector, leading to an out-of-bounds read. This is triggered during file parsing via the heif_context_read_from_file function without requiring user interaction.

Recommendations

Update to version 1.22.0.
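
The missing consistency check from the description, shown on a simplified model of the sample-to-chunk walk. This is an added example, not libheif source code or its actual patch; Chunk, locate_samples, kMaxSamples and the field names are hypothetical.

```cpp
// Simplified model of the chunk/sample walk; Chunk, locate_samples,
// kMaxSamples and the field names are hypothetical, not libheif source.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>
#include <vector>

struct Chunk {
    uint32_t first_sample;  // index of the first sample stored in this chunk
    uint32_t num_samples;   // number of samples stored in this chunk
};

// Assumed cap so a declared count cannot force a very large allocation.
constexpr uint32_t kMaxSamples = 1u << 20;

// Maps each sample index declared by the saiz box to the chunk holding it.
// Returns std::nullopt when the declared count is not covered by the chunk
// table, so the caller can reject the file as malformed instead of reading
// past the end of the chunks vector.
std::optional<std::vector<size_t>> locate_samples(
        const std::vector<Chunk>& chunks, uint32_t saiz_num_samples) {
    if (saiz_num_samples > kMaxSamples) return std::nullopt;
    std::vector<size_t> chunk_of_sample;
    size_t current_chunk = 0;
    for (uint32_t i = 0; i < saiz_num_samples; i++) {
        // Advance past chunks that end before sample i; the size() bound is
        // the check that keeps current_chunk inside the vector.
        while (current_chunk < chunks.size()) {
            const Chunk& c = chunks[current_chunk];
            if (i < uint64_t(c.first_sample) + c.num_samples) break;
            current_chunk++;
        }
        // The saiz box declares more samples than the chunks cover.
        if (current_chunk == chunks.size()) return std::nullopt;
        // The sample falls in a gap before the next chunk starts.
        if (i < chunks[current_chunk].first_sample) return std::nullopt;
        chunk_of_sample.push_back(current_chunk);
    }
    return chunk_of_sample;
}

int main() {
    std::vector<Chunk> chunks = {{0, 2}, {2, 3}};  // constructed: covers 5 samples
    for (uint32_t declared : {5u, 6u}) {
        auto r = locate_samples(chunks, declared);
        std::printf("saiz declares %u samples: %s\n", declared,
                    r ? "accepted" : "rejected as malformed");
    }
    return 0;
}
```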

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-41071
OPENSUSE-SU-2026:10878-1

Affected Products

Libheif