Updated libheif packages fix security vulnerabilities
Publication date: 28 Jun 2024Modification date: 25 Mar 2026
Type: security
Affected Mageia releases : 9
CVE: CVE-2023-49460 , CVE-2023-49462 , CVE-2023-49463 , CVE-2023-49464
Description
Yuchuan Meng discovered that libheif incorrectly handled certain image
data.
An attacker could possibly use this issue to crash the program,
resulting in a denial of service. (CVE-2023-49460, CVE-2023-49462,
CVE-2023-49463, CVE-2023-49464)
References
- https://bugs.mageia.org/show_bug.cgi?id=33332
- https://ubuntu.com/security/notices/USN-6847-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49464
SRPMS
9/core
- libheif-1.16.2-1.1.mga9
9/tainted
- libheif-1.16.2-1.1.mga9.tainted