Package libheif updated to version 1.15.1-alt1 for branch sisyphus in task 316314.

Published: 2023-02-23

BDU:2023-01487

Уязвимость компилятора Emscripten библиотеки кодирования и декодирования файлов HEIF и AVIF Libheif, позволяющая нарушителю вызвать отказ в обслуживании

Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

CVE-2023-0996

Published: 2023-02-24
Modified: 2025-03-12

CVE-2023-0996

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:

https://github.com/strukturag/libheif/pull/759
https://github.com/strukturag/libheif/pull/759
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html

Version: 2.1.0

Package libheif update in sisyphus on 2023-03-06

ALT-PU-2023-1389-1

Closed vulnerabilities

BDU:2023-01487

CVE-2023-0996