JLSEC-2026-571

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

CVE-2026-32739

libheif (HEIF/AVIF decoder) is affected through versions 1.21.2 and earlier, where a crafted 800-byte HEIF sequence file can trigger an infinite loop in Box_stts::get_sample_duration() during parsing, causing 100% CPU DoS with no progress and no crashログ. The issue is triggered on file open and is...

CVE-2026-32739

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 800-byte HEIF sequence file causes an infinite loop in Boxstts::getsampleduration, consuming 100% CPU indefinitely with zero progress, leading to DoS. The loop has no iteration limit or timeout and...

libheif 安全漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a security vulnerability. This vulnerability stems from an infinite loop in Boxstts::getsampleduration, which consumes 100% of the CPU...

Apple QuickTime STTS atom Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple Quicktime. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Quicktim...