CVE-2026-3949 strukturag libheif HEIF File decoder_vvdec.cc vvdec_push_data2 out-of-bounds
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdecpushdata2 of the file libheif/plugins/decodervvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched...