Bug 2253565 (CVE-2023-49463) - CVE-2023-49463 libheif: find_exif_tag SEGV
Summary: CVE-2023-49463 libheif: find_exif_tag SEGV
Keywords:
Status: NEW
Alias: CVE-2023-49463
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2253566
Blocks:
Reported: 2023-12-07 22:53 UTC by Nick Tait
Modified: 2023-12-15 21:21 UTC (History)
0 users

Fixed In Version:
Doc Type: ---
Doc Text:
A heap buffer overflow flaw was found in the find_exif_tag function in libheif. This flaw allows an attacker to cause a crash or other possible unspecified impacts. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Nick Tait 2023-12-07 22:53:55 UTC
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

Comment 1 Nick Tait 2023-12-07 22:54:08 UTC
Created libheif tracking bugs for this issue:

Affects: fedora-all [bug 2253566]

Comment 3 Dominik 'Rathann' Mierzejewski 2023-12-15 11:12:45 UTC
Is this https://github.com/strukturag/libheif/issues/1042 ?

Please link to upstream tickets in these bug reports. They're useless otherwise.

Comment 4 Nick Tait 2023-12-15 21:20:46 UTC
Hey Dominik, sorry for the very sparse report. Yes, that is the correct issue link.

RH ProdSec uses a special field to share those kinds of links; it shows up on a full CVE page as "external references". However, in the case of a flaw which exclusively affects community projects, there is no CVE page and that particular data isn't visible through Bugzilla. I had no idea it worked like. In future I'll be more careful to also paste links into the first comment so they are readily available to the people who need them.

