2294454 – (CVE-2019-11471, CVE-2023-0996) CVE-2019-11471 CVE-2023-0996 libheif: new security issues

Bug 2294454 (CVE-2019-11471, CVE-2023-0996) - CVE-2019-11471 CVE-2023-0996 libheif: new security issues

Summary: CVE-2019-11471 CVE-2023-0996 libheif: new security issues

Keywords:
Status:	NEW
Alias:	CVE-2019-11471, CVE-2023-0996
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2294455
Blocks:
TreeView+	depends on / blocked

Reported:	2024-06-27 01:10 UTC by Patrick Del Bello
Modified:	2024-12-05 12:00 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description Patrick Del Bello 2024-06-27 01:10:51 UTC

libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Comment 1 Patrick Del Bello 2024-06-27 01:11:05 UTC

Created libheif tracking bugs for this issue:

Affects: fedora-all [bug 2294455]

Comment 2 Dominik 'Rathann' Mierzejewski 2024-12-05 12:00:33 UTC

CVE-2019-11471 was fixed in libheif-1.4.1 (https://github.com/strukturag/libheif/commit/8dc35cda0ae5ad7bf2d2fae7354e08074ac79d18)
CVE-2023-0996 was fixed in libheif-1.15.0 (https://github.com/strukturag/libheif/commit/03db9fb196501ff6690af2238d0355d98f768d5c)

Note You need to log in before you can comment on or make changes to this bug.