Highlights
Integer Overflow: 27 prior fixes. Scrutinize any change in this area.
libheif/box.cc: most-fixed (14 issues). Treat as high-risk during review.
65 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns
The bug types that recur here, drawn from past fixes, not open vulnerabilities.
Integer Overflow: The parsing of structural boxes like 'iloc', 'saio', and 'dref' in libheif/box.cc has repeatedly suffered from integer overflow and signedness comparison bugs, enabling attackers to bypass memory limit checks or corrupt heap allocations.
Memory Corruption: Parallel tile decoding, grid image reconstitution, and image compositing inside libheif/heif_context.cc are prone to memory corruption and heap write overflows when mismatched tile bit-depths, dimensions, or chroma formats are combined.
Integer Overflow: Pixel image allocation and transformation computations on images with maximum uint32 dimensions are vulnerable to 32-bit integer overflows when calculating stride, chroma padding, and bounding-box intersections.