v0.5.2

@lilith lilith released this 01 Apr 20:02
· 29 commits to main since this release

Security fixes

  • fix: Prevent OOM from malformed ISOBMFF box sizes — validates claimed box size against available bytes before allocating
  • fix: Validate entity/reference counts against remaining box bytes — prevents allocation amplification from crafted entity counts
  • fix: Validate entry_count against remaining box bytes in sample tables — prevents OOM from malformed animation sample tables
  • fix: Prevent infinite loop in tile_log2 on crafted AV1 OBU — CRITICAL, could hang indefinitely on malformed input
  • fix: Default constructors use DecodeConfig::default() with sane resource limits
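
The first three fixes share one pattern: check a size or count field against the bytes actually present before allocating. The Rust sketch below is an added example, not this project's code; `ParseError`, `read_box` and `read_entries` are hypothetical names, and `read_entries` assumes the payload starts at a 32-bit `entry_count`.

```rust
// Added example: hypothetical names, not this project's API.
#[derive(Debug, PartialEq)]
pub enum ParseError { Truncated, BadBoxSize, BadEntryCount }

fn be32(b: &[u8]) -> u32 { u32::from_be_bytes([b[0], b[1], b[2], b[3]]) }

/// Split the box at the start of `buf` into (type, payload), trusting no size field.
pub fn read_box(buf: &[u8]) -> Result<([u8; 4], &[u8]), ParseError> {
    if buf.len() < 8 { return Err(ParseError::Truncated); }
    let kind = [buf[4], buf[5], buf[6], buf[7]];
    let (header, size) = match be32(buf) {
        0 => (8usize, buf.len() as u64), // size 0: box runs to end of data
        1 => {                           // size 1: 64-bit largesize follows the type
            if buf.len() < 16 { return Err(ParseError::Truncated); }
            (16, (be32(&buf[8..]) as u64) << 32 | be32(&buf[12..]) as u64)
        }
        n => (8, n as u64),
    };
    // The claimed size must cover its own header and fit in the bytes we hold.
    if size < header as u64 || size > buf.len() as u64 {
        return Err(ParseError::BadBoxSize);
    }
    Ok((kind, &buf[header..size as usize]))
}

/// `payload` starts at a u32 entry_count followed by `entry_size`-byte entries.
pub fn read_entries(payload: &[u8], entry_size: usize) -> Result<Vec<&[u8]>, ParseError> {
    if payload.len() < 4 { return Err(ParseError::Truncated); }
    let count = be32(payload) as usize;
    let rest = &payload[4..];
    // Check count * entry_size against the remaining bytes before allocating;
    // checked_mul rejects products that overflow usize.
    let need = match count.checked_mul(entry_size) {
        Some(n) if entry_size > 0 && n <= rest.len() => n,
        _ => return Err(ParseError::BadEntryCount),
    };
    let mut out = Vec::with_capacity(count); // count <= rest.len() / entry_size
    out.extend(rest[..need].chunks_exact(entry_size));
    Ok(out)
}

fn main() {
    // Constructed input: an 8-byte header claiming a 4 GiB box.
    let hostile = [0xFF, 0xFF, 0xFF, 0xFF, b'm', b'd', b'a', b't'];
    println!("{:?}", read_box(&hostile).map(|(_, p)| p.len()));
}
```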

Full Changelog: v0.5.1...v0.5.2