Updated libheif packages fix security vulnerabilities
Publication date: 28 Jun 2024
Modification date: 28 Jun 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464
Description
- It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2019-11471)
- Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2020-23109)
- Eugene Lim discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-0996)
- Min Jang discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-29659)
- Yuchuan Meng discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)
References
- https://bugs.mageia.org/show_bug.cgi?id=33332
- https://ubuntu.com/security/notices/USN-6847-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49464
SRPMS
9/tainted
- libheif-1.16.2-1.1.mga9.tainted
9/core
- libheif-1.16.2-1.1.mga9