ALT-PU-2023-1564-1
Closed vulnerabilities
Published: 2023-05-05
BDU:2023-03407
Уязвимость функции heif::Fraction::round() в box.cc декодера форматов файлов HEIF и AVIF libheif, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (6.5)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: HIGH (7.8)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
References:
Published: 2023-05-05
Modified: 2025-01-29
Modified: 2025-01-29
CVE-2023-29659
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
Severity: MEDIUM (6.5)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References:
- https://github.com/strukturag/libheif/issues/794
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/
- https://github.com/strukturag/libheif/issues/794
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/