Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

Mageia: 2019-0290 Moderate: libheif Use-After-Free Threat

mageia
Calendar Grey September 27, 2019
Dist Mageia Esm H88
Mageia 2019-0291 enhances OpenSSL and curl to address significant vulnerabilities discovered on Oct 5, 2019.
libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images (CVE...

Summary

libheif 1.4.0 has a use-after-free in heif::HeifContext::Image:: set_alpha_channel in heif_context.h because heif_context.cc mishandles references to non-existing alpha images (CVE-2019-11471).
Also, imagemagick has been updated to 7.0.8.62 to fix various bugs.

References

- https://bugs.mageia.org/show_bug.cgi?id=25319

- https://github.com/strukturag/libheif/releases/tag/v1.4.1

- https://www.cve.org/CVERecord?id=CVE-2019-11471

Resolution

SRPMS

- 7/tainted/libheif-1.4.1-1.mga7.tainted

- 7/tainted/imagemagick-7.0.8.62-1.mga7.tainted

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 27 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0290.html
Type: security
CVE: CVE-2019-11471

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here