PUBLIC MIRROR A read-only public view of Anvil. Only publicly-disclosed findings are shown; the Playbook, techniques, sessions and embargoed research are hidden.

← Findings

LIBHEIF-0010

medium harness-verified

Image sequences: unbounded allocation reading a sample (append_data_from_file_range ignores security limits) → memory-exhaustion DoS

🔒 Pending public disclosure

Full technical details — the precise location, reproduction, proof-of-concept and the write-up — are withheld until this finding is publicly disclosed in coordination with the upstream maintainers. The classification below is published; the rest will appear here once the advisory is live.

Classification

Targetlibheif
AreaImage sequences
Vuln classdos
Severitymedium
Statusharness-verified
Discovered2026-06-21