UbuntuUpdates.org

Package "libheif"

Name: libheif

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • ISO/IEC 23008-12:2017 HEIF file format decoder - gdk-pixbuf loader
  • ISO/IEC 23008-12:2017 HEIF file format decoder - thumbnailer
  • ISO/IEC 23008-12:2017 HEIF file format decoder - development files
  • ISO/IEC 23008-12:2017 HEIF file format decoder - examples
Latest version: 1.16.2-2ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: universe

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Other versions of "libheif" in Mantic

Repository Area Version
base universe 1.16.2-2ubuntu1
security universe 1.16.2-2ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.16.2-2ubuntu1.1 2024-06-25 20:07:05 UTC

  libheif (1.16.2-2ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference; buffer and integer overflow
    - debian/patches/CVE-2023-49460.patch: fix null pointer dereference
      in libheif/uncompressed_image.cc:758
    - debian/patches/CVE-2023-49462.patch: fix integer overflows when
      reading EXIF tags (fixes #1043) (CVE-2023-49462)
    - debian/patches/CVE-2023-49463.patch: fix #1042 (EXIF offset larger
      than data)
    - debian/patches/CVE-2023-49464.patch: uncompressed: protect against
      broken uncC box component references
    - CVE-2023-49460
    - CVE-2023-49462
    - CVE-2023-49463
    - CVE-2023-49464

 -- Allen Huang <email address hidden> Tue, 18 Jun 2024 18:00:08 +0100
CVE-2023-49460 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVE-2023-49462 libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2023-49463 libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE-2023-49464 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuratio


About   -   Send Feedback to @ubuntu_updates