Source: libheif
X-Debbugs-CC: [email protected]
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for libheif.

CVE-2023-49460[0]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function UncompressedImageCodec::decode_uncompressed_image.

https://github.com/strukturag/libheif/issues/1046
https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76

CVE-2023-49462[1]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the component /libheif/exif.cc.

https://github.com/strukturag/libheif/issues/1043
https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878cc67f3889969

CVE-2023-49463[2]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function find_exif_tag at /libheif/exif.cc.

https://github.com/strukturag/libheif/issues/1042
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf

CVE-2023-49464[3]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function
| UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

https://github.com/strukturag/libheif/issues/1044
https://github.com/strukturag/libheif/pull/1049
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-49460
    https://www.cve.org/CVERecord?id=CVE-2023-49460
[1] https://security-tracker.debian.org/tracker/CVE-2023-49462
    https://www.cve.org/CVERecord?id=CVE-2023-49462
[2] https://security-tracker.debian.org/tracker/CVE-2023-49463
    https://www.cve.org/CVERecord?id=CVE-2023-49463
[3] https://security-tracker.debian.org/tracker/CVE-2023-49464
    https://www.cve.org/CVERecord?id=CVE-2023-49464

Please adjust the affected versions in the BTS as needed.

