CVE-2026-47178

Public on 2026-06-20
Modified on 2026-06-20
Description
A critical heap-based buffer overflow vulnerability exists in libheif v1.21.2 (and likely earlier versions) within the handling of uncompressed HEIF images (ISO/IEC 23001-17, unci item type). When processing a tiled image with chroma subsampling (e.g., 4:2:0 or 4:2:2), the library fails to scale spatial offsets for the chroma planes. This leads to out-of-bounds memory writes when decoding any tile other than the top-left one, potentially resulting in remote code execution (RCE). (from https://project-zero.issues.chromium.org/issues/507396184)
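The defect described above is a placement error: the chroma planes of a 4:2:0 or 4:2:2 image are smaller than the luma plane, so a tile's luma-space offset cannot be reused unchanged when the tile's chroma samples are written. The following C program is an added illustration, not libheif's code and not derived from the Project Zero report; it models a planar 8-bit image with a hypothetical `plane_t`/`rect_t` layout, scales the tile rectangle by the subsampling factors, and shows the bounds check that must precede the copy. With a constructed 64x64 4:2:0 image and 32x32 tiles, the unscaled offset of tile (1,0) lands past the end of the 32-sample-wide chroma plane and is rejected, while the scaled offset is accepted.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of one image plane (8-bit samples); not libheif's types. */
typedef struct {
    uint32_t w, h;     /* plane dimensions in samples */
    uint32_t stride;   /* bytes per row */
    uint8_t *data;     /* stride * h bytes */
} plane_t;

typedef struct { uint32_t x0, y0, w, h; } rect_t;

/* Luma-space rectangle covered by tile (tx, ty) of a tile_w x tile_h grid. */
static rect_t luma_tile_rect(uint32_t tile_w, uint32_t tile_h, uint32_t tx, uint32_t ty) {
    rect_t r = { tx * tile_w, ty * tile_h, tile_w, tile_h };
    return r;
}

/* Scale a luma rectangle into a chroma plane subsampled by (sx, sy):
 * 4:4:4 -> (1,1), 4:2:2 -> (2,1), 4:2:0 -> (2,2). The offset must be
 * scaled along with the size; sizes round up so odd extents stay covered. */
static rect_t scale_rect(rect_t r, uint32_t sx, uint32_t sy) {
    rect_t c = { r.x0 / sx, r.y0 / sy, (r.w + sx - 1) / sx, (r.h + sy - 1) / sy };
    return c;
}

/* The bounds check that has to guard every tile write into a plane.
 * 64-bit arithmetic keeps x0 + w from wrapping on hostile sizes. */
static bool rect_fits_plane(const plane_t *p, rect_t r) {
    return (uint64_t)r.x0 + r.w <= p->w && (uint64_t)r.y0 + r.h <= p->h;
}

/* Copy tile samples into the plane; refuses any out-of-bounds placement. */
static bool blit_tile(plane_t *dst, rect_t r, const uint8_t *src, uint32_t src_stride) {
    if (!rect_fits_plane(dst, r)) return false;
    for (uint32_t y = 0; y < r.h; y++)
        memcpy(dst->data + (size_t)(r.y0 + y) * dst->stride + r.x0,
               src + (size_t)y * src_stride, r.w);
    return true;
}

static plane_t alloc_plane(uint32_t w, uint32_t h) {
    plane_t p = { w, h, w, calloc((size_t)w * h, 1) };
    return p;
}

/* Constructed scenario: 64x64 4:2:0 image, 32x32 tiles, Cb plane 32x32.
 * Returns true when the unscaled offset of tile (1,0) is rejected for the
 * chroma plane and the correctly scaled offset is accepted. */
bool demo_chroma_tile_offsets(void) {
    const uint32_t W = 64, H = 64, TW = 32, TH = 32, SX = 2, SY = 2;
    plane_t cb = alloc_plane((W + SX - 1) / SX, (H + SY - 1) / SY);
    uint8_t tile[16 * 16];
    memset(tile, 0x80, sizeof tile);                 /* constructed chroma samples */

    rect_t luma  = luma_tile_rect(TW, TH, 1, 0);     /* x0 = 32 in luma space */
    rect_t wrong = { luma.x0, luma.y0, 16, 16 };     /* size scaled, offset not */
    rect_t right = scale_rect(luma, SX, SY);         /* x0 = 16, 16x16 */

    bool wrong_rejected = !blit_tile(&cb, wrong, tile, 16);
    bool right_ok       =  blit_tile(&cb, right, tile, 16);
    free(cb.data);
    return wrong_rejected && right_ok;
}
```

The check in `rect_fits_plane` is deliberately independent of how the rectangle was computed: even with correct scaling it belongs in front of the copy, so that a crafted tile grid or image size cannot steer a write outside the allocation.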
Severity
Important severity
CVSS v3 Base Score
8.0

Affected Packages

Platform          | Package | Release Date | Advisory | Status
Amazon Linux 2023 | libheif |              |          | Pending Fix

CVSS Scores

Score Type          | Score | Vector
Amazon Linux CVSSv3 | 8.0   | CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H