Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 41: FEDORA-2025-8fdb7be3cb moderate: libheif out-of-bounds read

fedora
Calendar Grey February 15, 2025
Dist Fedora Esm H88
The recent Libheif enhancements for Fedora 41 address issues related to iOS image handling and additional features. Keep your software current to maintain the highest level of security.
Latest upstream release

Summary

libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF (AV1 Image File Format)

file format decoder and encoder.

Update Information:

Latest upstream release. It adds support for tiles and fixes reading images generated by iOS 18+. See https://github.com/strukturag/libheif/releases for more details about the changes since 1.17.6. NOTE: heif-convert tool was renamed to heif-dec. How to test: Download and unzip sample images from mastodon issue #31570. Try opening them with e.g. loupe or gimp. They fail to open with libheif-1.17.6, but should open successfully with libheif-1.19.5. Fixes CVE-2024-41311 .

Topics%20covered

Topics Covered

security advisory moderate fedora update Fedora modification oob read encoder libheif OOB read image overlay

Change Log

* Wed Feb 5 2025 Robert-André Mauchin - 1.19.5-3 - Rebuilt for aom 3.11.0 * Fri Jan 17 2025 Fedora Release Engineering - 1.19.5-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild * Sun Nov 24 2024 Packit - 1.19.5-1 - Update to version 1.19.5 - Resolves: rhbz#2327307 * Sun Nov 17 2024 Dominik Mierzejewski - 1.19.3-3 - disable OpenJPH encoder support to work-around crashes * Sat Nov 16 2024 Sérgio Basto - 1.19.3-2 - Add support to multilib in devel sub-package - Resolves: rhbz#2279891 * Tue Nov 12 2024 Dominik Mierzejewski - 1.19.3-1 - update to 1.19.3 (resolves rhbz#2295525) - drop obsolete patches - enable OpenH264, OpenJPH (64-bit only) and Brotli decoders - run tests unconditionally, they no longer require special build options - drop conditional hevc subpackage - use fewer wildcards in the file lists - stop building rav1e and svt AV1 encoders as plugins

References


[ 1 ] Bug #2319289 - CVE-2024-41311 libheif: OOB read and write via ImageOverlay::parse() [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2319289 [ 2 ] Bug #2332519 - Update libheif https://bugzilla.redhat.com/show_bug.cgi?id=2332519

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-8fdb7be3cb' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Name: libheif
Product: Fedora 41
Version: 1.19.5
Release: 3.fc41
URL: https://github.com/strukturag/libheif
Summary: HEIF and AVIF file format decoder and encoder

Topics%20covered

Topics Covered

security advisory moderate fedora update Fedora modification oob read encoder libheif OOB read image overlay

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here