Hi, Just FYI, there's a bunch of additional fuzz-related fixes in libheif's upstream git repo. I don't see any assigned CVEs other than the one you've tagged in this bug, but this heap buffer overflow fix in particular caught my eye as something we may want to include:
https://github.com/strukturag/libheif/issues/125 https://github.com/strukturag/libheif/commit/5a9b7f7564e158c6339f6d78a77de23720b15afd
