SUSE CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

ALPINE-CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

UBUNTU-CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

CVE-2026-32738 libheif has a Heap OOB Read/SEGV Crash via Zero samples_per_chunk

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

EUVD-2026-30972

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

CVE-2026-32738

libheif is a HEIF and AVIF file format decoder and encoder. In versions 1.21.2 and below, a crafted 792-byte HEIF sequence file with samplesperchunk=0 in the stsc box causes an unsigned integer underflow in the Chunk constructor mlastsample = 0 + 0 - 1 = UINT32MAX, mapping all samples to an empty...

CVE-2026-32738

libheif (versions

libheif 缓冲区错误漏洞

LibHEIF is a open-source decoder and encoder for the ISO/IEC 23008-12:2017 HEIF file format developed by Struktur. Versions of LibHEIF prior to 1.21.2 contain a buffer error vulnerability. This vulnerability arises from setting samplesperchunk=0 in the stsc box, causing an unsigned integer...

EUVD-2011-0275

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2017-14259

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the SDK in Bento4 1.5.0-616, the AP4StscAtom class in Ap4StscAtom.cpp contains a Write Memory Access Violation vulnerability. It is possible to exploit this...

Linux Distros Unpatched Vulnerability : CVE-2021-21845

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A...

CLSA-2025-1744633827 nginx: Fix of CVE-2024-7347

CVE-2024-7347: fix MP4 stsc cropping: prevent overflow and buffer underread causing invalid seeks and possible segfault...

DEBIAN-CVE-2021-21845

Multiple exploitable integer overflow vulnerabilities exist within the MPEG-4 decoding functionality of the GPAC Project on Advanced Content library v1.0.1. A specially crafted MPEG-4 input in “stsc” decoder can cause an integer overflow due to unchecked arithmetic resulting in a heap-based buffe...

GPAC Project Advanced Content 缓冲区错误漏洞

GPAC Project on Advanced Content is an open source cross-platform library that implements the MPEG-4 system standard and provides tools for media playback, vector graphics, and 3D rendering. an integer overflow vulnerability exists in the MPEG-4 decoding functionality in GPAC Project on Advanced...

Freeware Advanced Audio mp4ff_read_stsc Denial of Service Vulnerability

Freeware Advanced Audio Decoder is advanced audio encoder. Freeware Advanced Audio Decoder 2 FAAD2 version 2.7, a security vulnerability exists in the common/mp4ff/mp4atom.c/mp4ffreadstsc function, which can be exploited by remote attackers to cause a denial of service vulnerability via a...

DEBIAN-CVE-2017-9219

The mp4ffreadstsc function in common/mp4ff/mp4atom.c in Freeware Advanced Audio Decoder 2 FAAD2 2.7 allows remote attackers to cause a denial of service memory allocation error and application crash via a crafted mp4 file...

PT-2017-3907 · Faad2 Team +1 · Faad2 +1

Name of the Vulnerable Software and Affected Versions: FAAD2 version 2.7 Description: The issue is related to the mp4ff read stsc function, which can be exploited by remote attackers to cause a denial of service. This is achieved through a crafted mp4 file, leading to a large loop and significant...

Android Stagefright Remote Code Execution

!/usr/bin/env python Joshua J. Drake @jduck of ZIMPERIUM zLabs Shout outs to our friends at Optiv formerly Accuvant Labs C Joshua J. Drake, ZIMPERIUM Inc, Mobile Threat Protection, 2015 www.zimperium.com Exploit for RCE Vulnerability CVE-2015-1538 1 Integer Overflow in the libstagefright MP4 ‘sts...

CVE-2011-0249

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted STSC atoms in a QuickTime movie file...

Heap overflow

Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted STSC atoms in a QuickTime movie file...