
27 matches found

RedhatCVE
added 5 days ago, 7 views

CVE-2026-41069

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 creating no chunks while still passing validation...

CVSS 6.5, AI score 5.3, EPSS 0.00041
Exploits: 1, References: 1
Snyk
added 2026/05/22 11:49 p.m., 8 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the core sequence parsing process. An attacker can cause a crash or denial of service by providing a specially crafted HEIF file that manipulates the stco.entry_count, saio.entry_count, and saiz.sample_count values to...

CVSS 7.1, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 2
CVE
added 2026/05/22 8:49 p.m., 44 views

CVE-2026-41069

Summary: CVE-2026-41069 affects libheif up to v1.21.2, where a malformed HEIF sequence can trigger an out-of-bounds read in core sequence parsing, leading to DoS. The issue occurs when stco.entry_count == 0 but saiz.sample_count > 0, causing the SampleAuxInfoReader loop to dereference an empty...

CVSS 6.5, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 2, Affected Software: 1
Vulnrichment
added 2026/05/22 8:49 p.m., 6 views

CVE-2026-41069 libheif allows Out-of-bounds vector access leading to invalid dereference (DoS)

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and prior, a malformed HEIF sequence file can trigger an out-of-bounds read in core sequence parsing logic, causing DoS. A malformed file can have stco.entry_count == 0 creating no chunks while still passing validation...

CVSS 6.5, AI score 5.8, EPSS 0.00041
Exploits: 1, References: 2
Positive Technologies
added 2026/05/08 12:0 a.m., 8 views

PT-2026-38836

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following co...

CVSS 9.1, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 6
OSV
added 2026/05/06 2:44 p.m., 1 views

BIT-JAVA-2024-47597 GHSL-2024-245: GStreamer has an OOB-read in qtdemux_parse_samples

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...

CVSS 9.1, AI score 5.7, EPSS 0.00269
Exploits: 0, References: 5
Positive Technologies
added 2026/05/06 12:0 a.m., 6 views

PT-2026-37815

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following co...

CVSS 9.1, AI score 6.6, EPSS 0.00269
Exploits: 0, References: 6
Tenable Nessus
added 2025/09/10 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2018-20659

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from...

CVSS 6.5, AI score 6.5, EPSS 0.00433
Exploits: 1, References: 2
SUSE CVE
added 2024/12/13 12:30 a.m., 2 views

SUSE CVE-2024-47597

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...

CVSS 5.5, AI score 6.9, EPSS 0.00269
Exploits: 0, References: 10
OSV
added 2024/12/12 2:3 a.m., 2 views

AZL-62384 CVE-2024-47597 affecting package gstreamer1 1.20.0-2

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...

CVSS 9.1, AI score 6.9, EPSS 0.00269
Exploits: 0, References: 1
OSV
added 2024/12/12 2:3 a.m., 0 views

DEBIAN-CVE-2024-47597

GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code...

CVSS 9.1, AI score 6.3, EPSS 0.00269
Exploits: 0, References: 1
BDU FSTEC
added 2022/04/13 12:0 a.m., 1 views

The vulnerability of the stco decoder, a component of the MPEG-4 multimedia platform GPAC, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the stco decoder, a component of the MPEG-4 multimedia platform GPAC, is related to incorrect checking of the result of an arithmetic operation. Exploiting this vulnerability allows a remote attacker to gain access to confidential data, compromise its integrity, and cause...

CVSS 9.3, AI score 7.6, EPSS 0.00198
Exploits: 1, References: 7, Affected Software: 3
OSV
added 2021/08/18 1:15 p.m., 1 views

DEBIAN-CVE-2021-21844

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked...

CVSS 8.8, AI score 8.4, EPSS 0.00198
Exploits: 1, References: 1
OSV
added 2021/08/18 1:15 p.m., 0 views

UBUNTU-CVE-2021-21844

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked...

CVSS 8.8, AI score 7.5, EPSS 0.00198
Exploits: 1, References: 3
UbuntuCve
added 2021/08/18 1:15 p.m., 18 views

CVE-2021-21844

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input when encountering an atom using the “stco” FOURCC code, can cause an integer overflow due to unchecked...

CVSS 8.8, AI score 7.4, EPSS 0.00198
Exploits: 1, References: 2
BDU FSTEC
added 2019/12/13 12:0 a.m., 3 views

The vulnerability of the mp4ff_read_stco function in software for working with audio files, found in the Freeware Advanced Audio Decoder 2 (FAAD2) software, allows a hacker to cause a service failure.

The vulnerability of the mp4ff_read_stco function in software for working with audio files, found in the Freeware Advanced Audio Decoder 2 (FAAD2), relates to the execution of a loop without sufficient restrictions on its execution count. Exploiting this vulnerability could allow an attacker to cause...

CVSS 7.1, EPSS 0.00258
Exploits: 0, References: 4, Affected Software: 1
BDU FSTEC
added 2019/11/25 12:0 a.m., 1 views

The vulnerability of the mp4ff_read_stco function (common/mp4ff/mp4atom.c) in the Freeware Advanced Audio Decoder 2 (FAAD2) allows a hacker to trigger a service denial.

The vulnerability of the mp4ff_read_stco function (common/mp4ff/mp4atom.c) in the Freeware Advanced Audio Decoder 2 (FAAD2) audio decoder is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to cause a service failure using a...

CVSS 5.5, EPSS 0.00241
Exploits: 0, References: 4, Affected Software: 1
OSV
added 2019/01/02 5:29 p.m., 0 views

UBUNTU-CVE-2018-20659

An issue was discovered in Bento4 1.5.1-627. The AP4_StcoAtom class in Core/Ap4StcoAtom.cpp has an attempted excessive memory allocation when called from AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp, as demonstrated by mp42hls...

CVSS 6.5, AI score 6.6, EPSS 0.00433
Exploits: 1, References: 3
OSV
added 2017/06/27 12:29 p.m., 0 views

UBUNTU-CVE-2017-9256

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file...

CVSS 5.5, AI score 6.8, EPSS 0.00258
Exploits: 0, References: 3
OSV
added 2017/06/27 12:29 p.m., 2 views

DEBIAN-CVE-2017-9256

The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 (FAAD2) 2.7 allows remote attackers to cause a denial of service (large loop and CPU consumption) via a crafted mp4 file...

CVSS 5.5, AI score 5.8, EPSS 0.00258
Exploits: 0, References: 1