UbuntuUpdates.org

Package "libheif-plugin-libde265"

Name: libheif-plugin-libde265

Description:

ISO/IEC 23008-12:2017 HEIF file format decoder - libde265 plugin

Latest version: 1.16.2-2ubuntu1.1
Release: mantic (23.10)
Level: updates
Repository: universe
Head package: libheif
Homepage: http://www.libheif.org


Other versions of "libheif-plugin-libde265" in Mantic

Repository Area Version
security universe 1.16.2-2ubuntu1.1

Changelog

Version: 1.16.2-2ubuntu1.1 2024-06-25 20:07:05 UTC

  libheif (1.16.2-2ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference; buffer and integer overflow
    - debian/patches/CVE-2023-49460.patch: fix null pointer dereference
      in libheif/uncompressed_image.cc:758
    - debian/patches/CVE-2023-49462.patch: fix integer overflows when
      reading EXIF tags (fixes #1043) (CVE-2023-49462)
    - debian/patches/CVE-2023-49463.patch: fix #1042 (EXIF offset larger
      than data)
    - debian/patches/CVE-2023-49464.patch: uncompressed: protect against
      broken uncC box component references
    - CVE-2023-49460
    - CVE-2023-49462
    - CVE-2023-49463
    - CVE-2023-49464

 -- Allen Huang <email address hidden> Tue, 18 Jun 2024 18:00:08 +0100

CVE-2023-49460 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVE-2023-49462 libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2023-49463 libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE-2023-49464 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuratio


