Ubuntu Security Notice USN-6847-1

Ubuntu Security Notice 6847-1 - It was discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 18.04 LTS. Reza Mirzazade Farkhani discovered that libheif incorrectly handled certain image data. An attacker could possibly use this issue to crash the program, resulting in a denial of service. This issue only affected Ubuntu 20.04 LTS.

Packet Storm
==========================================================================
Ubuntu Security Notice USN-6847-1
June 25, 2024

libheif vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

libheif could be made to crash if it opened a specially crafted
file.

Software Description:
- libheif: ISO/IEC 23008-12:2017 HEIF file format decoder - development file

Details:

It was discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS.
(CVE-2019-11471)

Reza Mirzazade Farkhani discovered that libheif incorrectly handled
certain image data. An attacker could possibly use this issue to crash the
program, resulting in a denial of service. This issue only affected Ubuntu
20.04 LTS. (CVE-2020-23109)

Eugene Lim discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu
20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)

Min Jang discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2023-29659)

Yuchuan Meng discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program, resulting
in a denial of service. This issue only affected Ubuntu 23.10.
(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   heif-gdk-pixbuf                 1.16.2-2ubuntu1.1
   libheif-dev                     1.16.2-2ubuntu1.1
   libheif-plugin-libde265         1.16.2-2ubuntu1.1
   libheif1                        1.16.2-2ubuntu1.1

Ubuntu 22.04 LTS
   heif-gdk-pixbuf                 1.12.0-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libheif-dev                     1.12.0-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libheif1                        1.12.0-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   heif-gdk-pixbuf                 1.6.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libheif-dev                     1.6.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libheif1                        1.6.1-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   libheif-dev                     1.1.0-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   libheif1                        1.1.0-2ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6847-1
   CVE-2019-11471, CVE-2020-23109, CVE-2023-0996, CVE-2023-29659,
   CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464

Package Information:
   https://launchpad.net/ubuntu/+source/libheif/1.16.2-2ubuntu1.1

Related news

Debian Security Advisory 5796-1

Debian Linux Security Advisory 5796-1 - Multiple security issues were found in libheif, a library to parse HEIF and AVIF files, which could result in denial of service or potentially the execution of arbitrary code.

CVE-2023-49460: AddressSanitizer: SEGV in `decode_uncompressed_image` · Issue #1046 · strukturag/libheif

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

CVE-2023-49462: SEGV libheif/libheif/exif.cc:55 in read16 · Issue #1043 · strukturag/libheif

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

CVE-2023-49463: SEGV libheif/libheif/exif.cc:88 in find_exif_tag · Issue #1042 · strukturag/libheif

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

CVE-2023-49464: heap-use-after-free/SEGV/heap-buffer-overflow in UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci · Issue #1044 · strukturag/libheif

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

CVE-2023-29659: FPE in box.cc - heif::Fraction::round() · Issue #794 · strukturag/libheif

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

CVE-2023-0996

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
