Bug 897904 (CVE-2023-0996, CVE-2023-29659) - <media-libs/libheif-1.15.2: buffer overflow
Summary: <media-libs/libheif-1.15.2: buffer overflow
Alias: CVE-2023-0996, CVE-2023-29659
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [glsa?]
Depends on: 908168
Reported: 2023-02-26 17:03 UTC by John Helmert III
Modified: 2024-01-06 08:13 UTC

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-26 17:03:43 UTC
CVE-2023-0996 (

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Patch is in >=1.15.0:
Comment 1 Jakov Smolić archtester gentoo-dev 2023-04-11 10:47:52 UTC
From ed6ed01d61b2aa3d65236a3f4d72a0f3f7d5b092 Mon Sep 17 00:00:00 2001
From: Guillermo Joandet <>
Date: Sat, 8 Apr 2023 21:14:25 -0300
Subject: media-libs/libheif: Version bump to 1.15.2
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-30 23:06:07 UTC
Thanks! Please stabilize when ready.
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-05-07 04:46:12 UTC
CVE-2023-29659 (

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in, which causes a denial of service.

Fix is in 1.15.2.
Comment 4 Larry the Git Cow gentoo-dev 2024-01-06 01:21:52 UTC
The bug has been referenced in the following commit(s):

commit 925c6a9a631c0c05cc2c8f3a2d749d46e746eddf
Author:     Jakov Smolić <>
AuthorDate: 2024-01-06 01:19:50 +0000
Commit:     Jakov Smolić <>
CommitDate: 2024-01-06 01:19:50 +0000

    media-libs/libheif: drop 1.13.0
    Signed-off-by: Jakov Smolić <>

 media-libs/libheif/Manifest              |  1 -
 media-libs/libheif/libheif-1.13.0.ebuild | 86 --------------------------------
 2 files changed, 87 deletions(-)