LIBHEIF-0008
medium verifiedColor conversion: heap OOB read converting odd-dimension uncompressed 4:2:0 (decoder floor-allocates chroma; multiple ceil-assuming conversion sinks incl. the common 4:2:0→RGB path)
Full technical details — the precise location, reproduction, proof-of-concept and the write-up — are withheld until this finding is publicly disclosed in coordination with the upstream maintainers. The classification below is published; the rest will appear here once the advisory is live.
Classification
| Target | libheif |
|---|---|
| Area | Color conversion |
| Vuln class | oob-read |
| Severity | medium |
| Status | verified |
| Discovered | 2026-06-21 |