Описание
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| libheif | unfixed | package | ||
| libheif | not-affected | trixie | package | |
| libheif | not-affected | bookworm | package | |
| libheif | not-affected | bullseye | package |
Примечания
Introduced after: https://github.com/strukturag/libheif/commit/16e205f12bfe9a3717ca1d3b447fa83f66bc87e9 (v1.20.0)
https://github.com/strukturag/libheif/issues/1715
Fixed by: https://github.com/strukturag/libheif/pull/1721
EPSS
Связанные уязвимости
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
A flaw was found in libheif. A local attacker could exploit an out-of-bounds read vulnerability in the `Track::load` function within the `stsz/stts` component. This manipulation could lead to a Denial of Service (DoS), making the affected system or application unavailable.
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
EPSS