Advisories » MGASA-2024-0243

Updated libheif packages fix security vulnerabilities

Publication date: 28 Jun 2024
Modification date: 25 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49460 , CVE-2023-49462 , CVE-2023-49463 , CVE-2023-49464

Description

Yuchuan Meng discovered that libheif incorrectly handled certain image
data.
An attacker could possibly use this issue to crash the program,
resulting  in a denial of service. (CVE-2023-49460, CVE-2023-49462,
CVE-2023-49463, CVE-2023-49464)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33332
• https://ubuntu.com/security/notices/USN-6847-1
• https://www.cve.org/CVERecord?id=CVE-2023-49460
• https://www.cve.org/CVERecord?id=CVE-2023-49462
• https://www.cve.org/CVERecord?id=CVE-2023-49463
• https://www.cve.org/CVERecord?id=CVE-2023-49464

SRPMS

9/core

• libheif-1.16.2-1.1.mga9

9/tainted

• libheif-1.16.2-1.1.mga9.tainted