AttackFeed by Joe Wagner | libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation  - Full Disclosure

libheif v1.21.0 Integer Overflow in Y4M Loader leading to Uncontrolled Memory Allocation  – Full Disclosure

Posted on By Joe-W
Alert Feeds

 

Posted by Ron E on Sep 08

An integer overflow vulnerability exists in the Y4M input loader (loadY4M
in decoder_y4m.cc) of libheif. The loader fails to properly validate the
width and height values declared in the Y4M file header. Supplying a
crafted .y4m file with extremely large dimensions (e.g., W2147483647
H2147483647) causes integer overflow during buffer size calculations. This
results in uncontrolled memory allocation requests that exceed supported
limits. Depending…
 – Read More  – Full Disclosure 

You may also like

Alert Feeds
Asterisk Security Release 18.26.4  – Full Disclosure
September 8, 2025
Alert Feeds
SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission  – Full Disclosure
August 19, 2025
Alert Feeds
APPLE-SA-09-15-2025-1 iOS 26 and iPadOS 26  – Full Disclosure
September 16, 2025
Alert Feeds
libvips v8.18.0 Function Pointer Type Confusion in libvips Callback Dispatch  – Full Disclosure
September 16, 2025
AttackFeed by Joe Wagner
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.