CVE-2024-41311
Publication date 15 October 2024
Last updated 23 October 2024
Ubuntu priority
In libheif 1.17.6, insufficient checks in ImageOverlay::parse() when decoding a HEIF file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
Status
Package | Ubuntu Release | Status |
---|---|---|
libheif | 24.10 oracular | Not affected |
libheif | 24.04 LTS noble | Fixed 1.17.6-1ubuntu4.1 |
libheif | 22.04 LTS jammy | Not affected |
libheif | 20.04 LTS focal | Not affected |
libheif | 18.04 LTS bionic | Not affected |
References
Related Ubuntu Security Notices (USN)
- USN-7082-1: libheif vulnerability (23 October 2024)
Other references
- https://www.cve.org/CVERecord?id=CVE-2024-41311
- https://github.com/strukturag/libheif/issues/1226
- https://github.com/strukturag/libheif/pull/1227
- https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36 (v1.18.0)
- https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0