CVE-2023-29659 — Divide By Zero in Strukturag Libheif

CWE-369 — Divide By Zero7 documents5 sources

Severity

6.5MEDIUMNVD

OSV8.8

EPSS

0.1%

top 66.97%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Struktur Libheif Github.com Strukturag Libheif Debian Libheif +1 more

Timeline

PublishedMay 5

Latest updateJun 25

Description

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶debiandebian/libheif< libheif 1.15.1-1+deb12u1 (bookworm)

▶Gogithub.com/strukturag_libheif< 1.15.2

▶Debianstruktur/libheif< 1.11.0-1+deb11u2+3

▶Ubuntustruktur/libheif< 1.1.0-2ubuntu0.1~esm1+2

▶NVDstruktur/libheif1.15.1

Also affects: Fedora 36, 37

🔴Vulnerability Details

OSV

libheif vulnerabilities↗2024-06-25

▶

OSV

CVE-2023-29659: A Segmentation fault caused by a floating point exception exists in libheif 1↗2023-05-05

▶

OSV

libheif vulnerable to segmentation fault via floating point exception↗2023-05-05

▶

GHSA

libheif vulnerable to segmentation fault via floating point exception↗2023-05-05

▶

📋Vendor Advisories

Ubuntu

libheif vulnerabilities↗2024-06-25

▶

Debian

CVE-2023-29659: libheif - A Segmentation fault caused by a floating point exception exists in libheif 1.15...↗2023

▶