Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 897904 (CVE-2023-0996, CVE-2023-29659) - <media-libs/libheif-1.15.2: buffer overflow
Summary: <media-libs/libheif-1.15.2: buffer overflow
Status: IN_PROGRESS
Alias: CVE-2023-0996, CVE-2023-29659
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [stable?]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-26 17:03 UTC by John Helmert III
Modified: 2023-09-07 06:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-26 17:03:43 UTC 
CVE-2023-0996 (https://github.com/strukturag/libheif/pull/759):
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Patch is in >=1.15.0: https://github.com/strukturag/libheif/commit/3c8e92448c10a57a7f1ec8536c6e5427fb2c7c62
Comment 1 Jakov Smolić archtester gentoo-dev 2023-04-11 10:47:52 UTC 
From ed6ed01d61b2aa3d65236a3f4d72a0f3f7d5b092 Mon Sep 17 00:00:00 2001
From: Guillermo Joandet <gjoandet@gmail.com>
Date: Sat, 8 Apr 2023 21:14:25 -0300
Subject: media-libs/libheif: Version bump to 1.15.2
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:06:07 UTC 
Thanks! Please stabilize when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-07 04:46:12 UTC 
CVE-2023-29659 (https://github.com/strukturag/libheif/issues/794):

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

Fix is in 1.15.2.