Security context

What an agent needs to avoid regressing past fixes and find the next vuln in this repo.

strukturag/libheif
master @ 1a3583b
95
Fixes
0
CVEs
HIGH
Peak severity
Highlights
Integer Overflow: 27 prior fixes. Scrutinize any change in this area.
libheif/box.cc: most-fixed (14 issues). Treat as high-risk during review.
65 high-severity fixes in this history; regressions here are high-impact.
Recurring patterns

The bug types that recur here, drawn from past fixes, not open vulnerabilities.

Integer Overflow: The parsing of structural boxes like 'iloc', 'saio', and 'dref' in libheif/box.cc has repeatedly suffered from integer overflow and signedness comparison bugs, enabling attackers to bypass memory limit checks or corrupt heap allocations.
Memory Corruption: Parallel tile decoding, grid image reconstitution, and image compositing inside libheif/heif_context.cc are prone to memory corruption and heap write overflows when mismatched tile bit-depths, dimensions, or chroma formats are combined.
Integer Overflow: Pixel image allocation and transformation computations on images with maximum uint32 dimensions are vulnerable to 32-bit integer overflows when calculating stride, chroma padding, and bounding-box intersections.