Описание
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
Ссылки
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
- PatchThird Party Advisory
- ExploitPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:struktur:libheif:1.4.0:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00291
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-416
Связанные уязвимости
CVSS3: 8.8
ubuntu
больше 6 лет назад
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
CVSS3: 8.8
debian
больше 6 лет назад
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_al ...
CVSS3: 8.8
github
около 3 лет назад
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image::set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images.
EPSS
Процентиль: 52%
0.00291
Низкий
8.8 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-416