Search CVE reports


1 – 10 of 12 results


CVE-2024-41311

Medium priority
Fixed

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

1 affected packages

libheif

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libheif Fixed Not affected Not affected Not affected

CVE-2024-25269

Negligible priority
Needs evaluation

libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.

1 affected packages

libheif

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libheif Needs evaluation Needs evaluation Needs evaluation Needs evaluation

CVE-2023-49464

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Not affected | Not affected | Not affected | Ignored

CVE-2023-49463

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Not affected | Not affected | Not affected | Ignored

CVE-2023-49462

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Not affected | Not affected | Not affected | Ignored

CVE-2023-49460

Medium priority

Some fixes available 1 of 2

libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Not affected | Not affected | Not affected | Ignored

CVE-2023-29659

Medium priority

Some fixes available 2 of 4

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Fixed | Fixed | Not affected | Ignored

CVE-2023-0996

Medium priority

Some fixes available 2 of 3

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Fixed | Fixed | Not affected | Ignored

CVE-2020-23109

Medium priority

Some fixes available 1 of 6

Buffer overflow vulnerability in function convert_colorspace in heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a denial of service and disclose sensitive information, via a crafted HEIF file.

1 affected packages

libheif

Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS
libheif | Not affected | Not affected | Fixed | Ignored | Ignored

CVE-2020-19499

Medium priority
Not affected

An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read.

1 affected packages

libheif

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libheif Not affected Not affected Not affected Ignored