Bug#1059151: libheif: CVE-2023-49460 CVE-2023-49462 CVE-2023-49463 CVE-2023-49464
Source: libheif
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerabilities were published for libheif.
CVE-2023-49460[0]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function UncompressedImageCodec::decode_uncompressed_image.
https://github.com/strukturag/libheif/issues/1046
https://github.com/strukturag/libheif/commit/fd5b02aca3e29088bf0a1fc400bd661be4a6ed76
CVE-2023-49462[1]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the component /libheif/exif.cc.
https://github.com/strukturag/libheif/issues/1043
https://github.com/strukturag/libheif/commit/730a9d80bea3434f75c79e721878cc67f3889969
CVE-2023-49463[2]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function find_exif_tag at /libheif/exif.cc.
https://github.com/strukturag/libheif/issues/1042
https://github.com/strukturag/libheif/commit/26ec3953d46bb5756b97955661565bcbc6647abf
CVE-2023-49464[3]:
| libheif v1.17.5 was discovered to contain a segmentation violation
| via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
https://github.com/strukturag/libheif/issues/1044
https://github.com/strukturag/libheif/pull/1049
https://github.com/strukturag/libheif/commit/2bf226a300951e6897ee7267d0dd379ba5ad7287
If you fix the vulnerabilities, please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-49460
https://www.cve.org/CVERecord?id=CVE-2023-49460
[1] https://security-tracker.debian.org/tracker/CVE-2023-49462
https://www.cve.org/CVERecord?id=CVE-2023-49462
[2] https://security-tracker.debian.org/tracker/CVE-2023-49463
https://www.cve.org/CVERecord?id=CVE-2023-49463
[3] https://security-tracker.debian.org/tracker/CVE-2023-49464
https://www.cve.org/CVERecord?id=CVE-2023-49464
Please adjust the affected versions in the BTS as needed.