Описание
Security update for libheif
This update for libheif fixes the following issues:
- CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse() due to decoding a heif file containing an overlay image with forged offsets (bsc#1231714).
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libheif1-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6
libheif1-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Package Hub 15 SP5
gdk-pixbuf-loader-libheif-1.12.0-150400.3.14.1
libheif-devel-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
gdk-pixbuf-loader-libheif-1.12.0-150400.3.14.1
libheif-devel-1.12.0-150400.3.14.1
openSUSE Leap 15.5
gdk-pixbuf-loader-libheif-1.12.0-150400.3.14.1
libheif-devel-1.12.0-150400.3.14.1
libheif1-1.12.0-150400.3.14.1
libheif1-32bit-1.12.0-150400.3.14.1
openSUSE Leap 15.6
gdk-pixbuf-loader-libheif-1.12.0-150400.3.14.1
libheif-devel-1.12.0-150400.3.14.1
libheif1-1.12.0-150400.3.14.1
libheif1-32bit-1.12.0-150400.3.14.1
Ссылки
- Link for SUSE-SU-2024:3960-1
- E-Mail link for SUSE-SU-2024:3960-1
- SUSE Security Ratings
- SUSE Bug 1231714
- SUSE CVE CVE-2024-41311 page
Описание
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libheif1-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libheif1-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:gdk-pixbuf-loader-libheif-1.12.0-150400.3.14.1
SUSE Linux Enterprise Module for Package Hub 15 SP5:libheif-devel-1.12.0-150400.3.14.1
Ссылки
- CVE-2024-41311
- SUSE Bug 1231714