All errata/sisyphus_riscv64/ALT-PU-2023-2796-1
ALT-PU-2023-2796-1

Package update libheif in branch sisyphus_riscv64

Version1.15.1-alt1
Task#0
Published2023-03-08
Max severityHIGH
Severity:

Closed issues (2)

BDU:2023-01487
HIGH7.8

Уязвимость компилятора Emscripten библиотеки кодирования и декодирования файлов HEIF и AVIF Libheif, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-03-23Modified: 2025-03-21
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.0HIGH 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:C
References
CVE-2023-0996
HIGH7.8

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Published: 2023-02-24Modified: 2025-03-11
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References