MGASA-2024-0243 - Updated libheif packages fix security vulnerabilities

Publication date: 28 Jun 2024
URL: https://advisories.mageia.org/MGASA-2024-0243.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-49460,
     CVE-2023-49462,
     CVE-2023-49463,
     CVE-2023-49464

It was discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program,
resulting in a denial of service. (CVE-2019-11471)

Reza Mirzazade Farkhani discovered that libheif incorrectly handled
certain image data. An attacker could possibly use this issue to crash
the program, resulting in a denial of service. (CVE-2020-23109)

Eugene Lim discovered that libheif incorrectly handled certain image
data. An attacker could possibly use this issue to crash the program,
resulting in a denial of service. (CVE-2023-0996)

Min Jang discovered that libheif incorrectly handled certain image data.
An attacker could possibly use this issue to crash the program,
resulting in a denial of service. (CVE-2023-29659)

Yuchuan Meng discovered that libheif incorrectly handled certain image
data. An attacker could possibly use this issue to crash the program,
resulting in a denial of service. (CVE-2023-49460, CVE-2023-49462,
CVE-2023-49463, CVE-2023-49464)

References:
- https://bugs.mageia.org/show_bug.cgi?id=33332
- https://ubuntu.com/security/notices/USN-6847-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49460
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49462
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49464

SRPMS:
- 9/core/libheif-1.16.2-1.1.mga9
- 9/tainted/libheif-1.16.2-1.1.mga9.tainted
