CVE-2023-49464 — Libheif vulnerability

6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.1%

top 71.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Struktur Libheif Debian Libheif

Timeline

PublishedDec 7

Latest updateJun 25

Description

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/libheif< libheif 1.17.6-1 (forky)

▶Debianstruktur/libheif< 1.17.6-1+1

▶Ubuntustruktur/libheif< 1.1.0-2ubuntu0.1~esm1+2

▶NVDstruktur/libheif1.17.5

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

libheif vulnerabilities↗2024-06-25

▶

OSV

CVE-2023-49464: libheif v1↗2023-12-07

▶

GHSA

GHSA-7c9c-qrrc-jc5x: libheif v1↗2023-12-07

▶

📋Vendor Advisories

Ubuntu

libheif vulnerabilities↗2024-06-25

▶

Debian

CVE-2023-49464: libheif - libheif v1.17.5 was discovered to contain a segmentation violation via the funct...↗2023

▶