WRITEUP

The repository contains a detailed technical analysis of CVE-2026-3713, focusing on an out-of-bounds read vulnerability in libheif's `vvdec_push_data2()` function due to missing length validation. It includes vulnerable code snippets, a comparison with a properly guarded function, and an ASAN trace demonstrating the heap-buffer-overflow.