CVE-2026-3950 | strukturag libheif up to 1.21.2 stsz/stts track.cc Track::load out-of-bounds (Issue 1715)

Inserito da Angelo Barbosa | Mar 11, 2026 | CVE

A vulnerability has been found in strukturag libheif up to 1.21.2 and classified as problematic. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read.

This vulnerability is documented as CVE-2026-3950. The attack needs to be performed locally. Additionally, an exploit exists.

Applying a patch is the recommended action to fix this issue.

The patch available is inofficial and not approved yet.

CVE-2026-3950 | strukturag libheif up to 1.21.2 stsz/stts track.cc Track::load out-of-bounds (Issue 1715)

Post correlati

CVE-2023-36647 | ProLion CryptoSpike 3.0.15P2 REST API Endpoint hard-coded key

CVE-2026-2201 | ZeroWdd studentmanager up to 2151560fc0a50ec00426785ec1e01a3763b380d9 LeaveController.java addLeave Reason for Leave cross site scripting

CVE-2025-15202 | SohuTV CacheCloud up to 3.2.0 TaskController.java taskQueueList cross site scripting (Issue 374)

CVE-2025-63679 | free5GC up to 4.1.0 NGAP Message buffer overflow (Issue 725)