Vulnerability Description
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
CVSS Score
LOW
Related Weaknesses (CWE)
References
- https://github.com/Niebelungen-D/pocs/tree/main/heif_dec_sequence_chunk_idx_oob
- https://github.com/strukturag/libheif/
- https://github.com/strukturag/libheif/issues/1715
- https://github.com/strukturag/libheif/pull/1721
- https://vuldb.com/?ctiid.350382
- https://vuldb.com/?id.350382
- https://vuldb.com/?submit.766431
FAQ
What is CVE-2026-3950?
CVE-2026-3950 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to ou...
How severe is CVE-2026-3950?
CVE-2026-3950 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-3950?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.