libheif is an ISO/IEC 23008-12:2017 HEIF file format decoder and encoder. libheif version 1.4.0 contains a denial-of-service vulnerability in heif::Box_iref::get_references. The vulnerability stems from an invalid memory read. An attacker could exploit this vulnerability to cause a denial of service.