UbuntuUpdates.org

Package "libheif"

Name: libheif

Description:

This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • ISO/IEC 23008-12:2017 HEIF file format decoder - gdk-pixbuf loader
  • ISO/IEC 23008-12:2017 HEIF file format decoder - thumbnailer
  • ISO/IEC 23008-12:2017 HEIF file format decoder - development files
  • ISO/IEC 23008-12:2017 HEIF file format decoder - examples

Latest version: 1.16.2-2ubuntu1.1
Release: mantic (23.10)
Level: security
Repository: universe

Links



Other versions of "libheif" in Mantic

Repository Area Version
base universe 1.16.2-2ubuntu1
updates universe 1.16.2-2ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.16.2-2ubuntu1.1 2024-06-25 18:07:08 UTC

  libheif (1.16.2-2ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference; buffer and integer overflow
    - debian/patches/CVE-2023-49460.patch: fix null pointer dereference
      in libheif/uncompressed_image.cc:758
    - debian/patches/CVE-2023-49462.patch: fix integer overflows when
      reading EXIF tags (fixes #1043) (CVE-2023-49462)
    - debian/patches/CVE-2023-49463.patch: fix #1042 (EXIF offset larger
      than data)
    - debian/patches/CVE-2023-49464.patch: uncompressed: protect against
      broken uncC box component references
    - CVE-2023-49460
    - CVE-2023-49462
    - CVE-2023-49463
    - CVE-2023-49464

 -- Allen Huang <email address hidden> Tue, 18 Jun 2024 18:00:08 +0100

CVE-2023-49460 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
CVE-2023-49462 libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
CVE-2023-49463 libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE-2023-49464 libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuratio



About   -   Send Feedback to @ubuntu_updates