2253567 – (CVE-2023-49462) CVE-2023-49462 libheif: read16 segv

Bug 2253567 (CVE-2023-49462) - CVE-2023-49462 libheif: read16 segv

Summary: CVE-2023-49462 libheif: read16 segv

Keywords:
Status:	NEW
Alias:	CVE-2023-49462
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2253568
Blocks:
TreeView+	depends on / blocked

Reported:	2023-12-07 22:58 UTC by Nick Tait
Modified:	2023-12-15 21:11 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	---
Doc Text:	A heap buffer overflow flaw was found in the read16 function in libheif. This flaw allows an attacker to cause a crash or other possible unspecified impacts. The highest threat from this vulnerability is to system availability.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Nick Tait 2023-12-07 22:58:35 UTC

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

Comment 1 Nick Tait 2023-12-07 22:58:49 UTC

Created libheif tracking bugs for this issue:

Affects: fedora-all [bug 2253568]

Comment 3 Dominik 'Rathann' Mierzejewski 2023-12-15 11:08:18 UTC

This has zero information about the supposed bug, not even a link to upstream report. I'm going to close this as invalid unless you provide more information.

Comment 4 Dominik 'Rathann' Mierzejewski 2023-12-15 11:11:06 UTC

Is this https://github.com/strukturag/libheif/issues/1043 ?

Comment 5 Nick Tait 2023-12-15 21:11:43 UTC

Sorry about that, yes that is the correct issue link.

Note You need to log in before you can comment on or make changes to this bug.