CVE-2023-0996 (https://github.com/strukturag/libheif/pull/759):
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
Patch is in >=1.15.0: https://github.com/strukturag/libheif/commit/3c8e92448c10a57a7f1ec8536c6e5427fb2c7c62
From ed6ed01d61b2aa3d65236a3f4d72a0f3f7d5b092 Mon Sep 17 00:00:00 2001
From: Guillermo Joandet <gjoandet@gmail.com>
Date: Sat, 8 Apr 2023 21:14:25 -0300
Subject: media-libs/libheif: Version bump to 1.15.2
Thanks! Please stabilize when ready.
CVE-2023-29659 (https://github.com/strukturag/libheif/issues/794): A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. Fix is in 1.15.2.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=925c6a9a631c0c05cc2c8f3a2d749d46e746eddf
commit 925c6a9a631c0c05cc2c8f3a2d749d46e746eddf
Author: Jakov Smolić <jsmolic@gentoo.org>
AuthorDate: 2024-01-06 01:19:50 +0000
Commit: Jakov Smolić <jsmolic@gentoo.org>
CommitDate: 2024-01-06 01:19:50 +0000
    media-libs/libheif: drop 1.13.0
    Bug: https://bugs.gentoo.org/897904
    Signed-off-by: Jakov Smolić <jsmolic@gentoo.org>
 media-libs/libheif/Manifest | 1 -
 media-libs/libheif/libheif-1.13.0.ebuild | 86 --------------------------------
 2 files changed, 87 deletions(-)