[FD] libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] libheif v1.21.0 Null Pointer Dereference in Box_hdlr::get_handler_type
- From: Ron E <ronaldjedgerson@xxxxxxxxx>
- Date: Sat, 23 Aug 2025 10:21:44 -0400
Box_hdlr::get_handler_type() (libheif/box.h:487) is called even when the
hdlr box has not been properly initialized due to malformed input. This
leads to dereferencing a null object pointer.
*Root Cause:*
- No validation of hdlr box presence before accessing handler fields.
*Impact:*
- Application crash only (DoS).
- No memory corruption or exploitability.
*Evidence:*
==2436988==ERROR: AddressSanitizer: SEGV on unknown address 0x0000000000ac
#0 Box_hdlr::get_handler_type() const libheif/box.h:487
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
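
The root cause reported above is a missing presence check on the hdlr box. As an added example (not libheif code and not part of the original post), this stand-alone ISOBMFF walker returns the handler type only when a meta box contains a complete hdlr box. The names `find_box`, `handler_type` and `sample`, and the sample bytes, are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <optional>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;
struct Span { size_t begin, end; };  // payload range of one box inside the file
static uint32_t be32(const uint8_t* p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) | (uint32_t(p[2]) << 8) | p[3];
}

// Return the payload of the first sibling box named `type`; malformed sizes mean "not found".
static std::optional<Span> find_box(const Bytes& d, Span in, const char* type) {
    for (size_t pos = in.begin; in.end - pos >= 8;) {
        uint64_t size = be32(&d[pos]), hdr = 8;
        if (size == 0) size = in.end - pos;    // box runs to the end of its parent
        if (size == 1) {                       // 64-bit largesize follows the type
            if (in.end - pos < 16) return std::nullopt;
            size = (uint64_t(be32(&d[pos + 8])) << 32) | be32(&d[pos + 12]);
            hdr = 16;
        }
        if (size < hdr || size > in.end - pos) return std::nullopt;
        if (std::memcmp(&d[pos + 4], type, 4) == 0)
            return Span{pos + size_t(hdr), pos + size_t(size)};
        pos += size;
    }
    return std::nullopt;
}

// Handler type of meta/hdlr, or nullopt when the box is absent or truncated.
std::optional<std::string> handler_type(const Bytes& f) {
    auto meta = find_box(f, {0, f.size()}, "meta");
    if (!meta || meta->end - meta->begin < 4) return std::nullopt;
    auto hdlr = find_box(f, {meta->begin + 4, meta->end}, "hdlr");  // skip version/flags
    // hdlr payload needs version/flags (4) + pre_defined (4) + handler_type (4)
    if (!hdlr || hdlr->end - hdlr->begin < 12) return std::nullopt;
    return std::string(reinterpret_cast<const char*>(&f[hdlr->begin + 8]), 4);
}

// Constructed sample: a meta box that optionally contains a minimal hdlr box.
Bytes sample(bool with_hdlr) {
    Bytes hdlr = {0,0,0,20, 'h','d','l','r', 0,0,0,0, 0,0,0,0, 'p','i','c','t'};
    Bytes f = {0,0,0,uint8_t(with_hdlr ? 32 : 12), 'm','e','t','a', 0,0,0,0};
    if (with_hdlr) f.insert(f.end(), hdlr.begin(), hdlr.end());
    return f;
}
int main() {
    for (bool h : {true, false}) std::printf("%s\n", handler_type(sample(h)).value_or("(no hdlr)").c_str());
}
```

The caller handles the empty result as a parse error and never reaches the handler fields of a box that was not found.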