Advisories » MGASA-2024-0352

Updated libheif packages fix security vulnerability

Publication date: 09 Nov 2024
Modification date: 09 Nov 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-41311

Description

In Libheif, insufficient checks in ImageOverlay::parse() while decoding a
HEIF file containing an overlay image with forged offsets can lead to an
out-of-bounds read and write. (CVE-2024-41311)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33662
• https://ubuntu.com/security/notices/USN-7082-1
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41311

SRPMS

9/core

• libheif-1.16.2-1.2.mga9

9/tainted

• libheif-1.16.2-1.2.mga9.tainted