Automic VaultAutomic Vault

brew

Install h26forge with Homebrew, apk

Tool for making syntactically valid but semantically spec-noncompliant videos. Version 2024-07-06 via Homebrew; verified from local package data.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install h26forge

local Homebrew formula metadata

overview

Package summary

Tool for making syntactically valid but semantically spec-noncompliant videos

Commands and aliases

  • h26forge

history

Project history and usage

H26Forge is a research-oriented H.264 security tool for producing syntactically valid but semantically non-compliant video bitstreams. Its package-manager niche is narrow: it gives codec and vulnerability researchers a reproducible CLI for generating, mutating, and editing Annex B H.264 streams without hand-editing entropy-coded syntax elements.

Project history

The public repository was created in February 2023, alongside the USENIX Security 2023 paper by W.R. Vasquez, Stephen Checkoway, and Hovav Shacham. The README describes the tool as infrastructure for analyzing, generating, and manipulating H.264 files, and the paper frames it as a response to the difficulty of exploring bugs in hardware-accelerated and privileged video decoders.

H26Forge evolved around three modes: random mutation of syntax elements, scripted programmatic editing, and generation of Annex B H.264 streams that can be written to files or streamed over RTP. The project documentation also records conformance work against ITU H.264 test vectors and examples for reproducing specific decoder-bug conditions.

Adoption history

Adoption is primarily visible in security-research use rather than broad application development. The README lists vulnerabilities and fixes associated with H26Forge-generated or H26Forge-assisted test cases across FFmpeg/VLC, Apple platforms, Firefox, Pixel hardware decoding, and CoreMedia on Windows.

Its Homebrew formula made the research tool easier to install as a normal command-line package, which matters for a tool whose users may be reproducing papers, validating decoder behavior, or generating batches of proof-of-concept media on macOS.

How it is used

Typical use starts with generating an Annex B H.264 bitstream, mutating syntax elements from an existing stream, or running a Python editing script over decoded syntax elements before re-encoding. The project points users to FFmpeg for extracting Annex B streams from MP4 input and to `config/default.json` or specialized configs for generation ranges.

Why package nerds care

H26Forge is interesting because it packages a highly specialized academic/security artifact as a Rust CLI. Instead of being a codec, encoder, or transcoder, it deliberately creates edge-case media that remains parseable enough to exercise decoder semantics, filling a gap between fuzzers, bitstream analyzers, and multimedia test suites.

Timeline

  • 2023: Public GitHub repository created.
  • 2023: USENIX Security paper described H26Forge and its decoder-vulnerability workflow.
  • 2024: README trophy list included later decoder findings such as Pixel MFC and Apple CoreMedia issues.

Related projects

  • H26Forge sits near FFmpeg, ITU H.264 conformance vectors, browser and OS video decoders, and security fuzzing infrastructure. Its documentation also relates it to H.264/AVC specification work and to proof-of-concept generation for decoder CVEs.

security posture

Risk level: blue

broad file, network, media, or database tool signal.

Risk classifier

blue risk · medium confidence · tool

Why

  • broad file, network, media, or database tool signal

Signals

  • text:video

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 10 platform targets.
  • Build metadata lists 1 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
h26forgecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version2024-07-06
manager updated
local dataok
upstreamnot checked
latest detectednot detected

https://github.com/h26forge/h26forge

install metadata

Package metadata

Package keybrew:h26forge
Version2024-07-06
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/h26forge
Homepagehttps://github.com/h26forge/h26forge
Repositoryhttps://github.com/h26forge/h26forge
Upstream docshttps://github.com/h26forge/h26forge#readme
LicenseMIT
Source archivehttps://github.com/h26forge/h26forge/archive/refs/tags/2024-07-06.tar.gz
Build dependenciesrust
Uses from macOSllvm
Bottleavailable (on arm64_linux, arm64_monterey, arm64_sequoia, arm64_sonoma, arm64_tahoe, arm64_ventura, monterey, sonoma, ventura, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Nameh26forge
Version Scheme0
Revision0
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

apk95%

h26forge 2024.07.06-r0

Analyze, generate, and manipulate syntactically correct but semantically spec-non-compliant video files

https://github.com/h26forge/h26forge

sudo apk add h26forge
  • License: MIT
  • Architecture: x86_64
  • Source Package: h26forge
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: H26forge
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: h26forge from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment