8.1

CVE-2024-41311

Exploit
In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
StrukturLibheif Version1.17.6
DebianDebian Linux Version11.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.83% 0.526
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 2.8 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0
Third Party Advisory
https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36
Patch
https://github.com/strukturag/libheif/issues/1226
Exploit
Issue Tracking
https://github.com/strukturag/libheif/pull/1227
Patch
Issue Tracking
https://lists.debian.org/debian-lts-announce/2024/10/msg00025.html
Mailing List