[SECURITY] [DLA 3934-1] libheif security update
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3934-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 22, 2024                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libheif
Version        : 1.11.0-1+deb11u1
CVE ID         : CVE-2024-41311

It was discovered that there was a potential out-of-bounds read
vulnerability in libheif, a decoder and encoder for the HEIF and AVIF
image formats.

Insufficient checks in ImageOverlay::parse() could have been
exploited by an overlay image with forged offsets which could, in
turn, have led to undefined behaviour.

For Debian 11 bullseye, this problem has been fixed in version
1.11.0-1+deb11u1.

We recommend that you upgrade your libheif packages.

For the detailed security status of libheif please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libheif

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
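
Added example (not part of the advisory and not libheif's code): a
length-checked C++ parser for an overlay record, showing the kind of bounds
checking the advisory says was insufficient in ImageOverlay::parse(). The
record layout, the names Overlay, Reader and parse_overlay, and the
num_images parameter are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <utility>
#include <vector>

// Assumed, simplified overlay record (illustrative; not libheif's code), big-endian:
//   u8 version, u8 flags, 8 bytes fill colour, width, height, then (x, y) per image.
//   flags bit 0 selects 32-bit instead of 16-bit width/height/offset fields.
struct Overlay {
  uint32_t width = 0, height = 0;
  std::vector<std::pair<int32_t, int32_t>> offsets;  // signed: may be negative
};

// Cursor that refuses to step past the end of the buffer.
class Reader {
  const std::vector<uint8_t>& d_;
  size_t pos_ = 0;  // invariant: pos_ <= d_.size()
public:
  explicit Reader(const std::vector<uint8_t>& d) : d_(d) {}
  size_t remaining() const { return d_.size() - pos_; }
  bool skip(size_t n) { if (n > remaining()) return false; pos_ += n; return true; }
  bool read(size_t n, uint32_t& out) {  // n is 1, 2 or 4
    if (n > remaining()) return false;
    out = 0;
    for (size_t i = 0; i < n; i++) out = (out << 8) | d_[pos_++];
    return true;
  }
};

// Returns false on any malformed or truncated input.
bool parse_overlay(const std::vector<uint8_t>& data, size_t num_images, Overlay& ov) {
  Reader r(data);
  uint32_t version, flags, x, y;
  if (!r.read(1, version) || !r.read(1, flags) || version != 0) return false;
  const size_t len = (flags & 1) ? 4 : 2;
  if (!r.skip(8) || !r.read(len, ov.width) || !r.read(len, ov.height)) return false;
  // num_images comes from elsewhere in the file; check it against the bytes present
  // (division, not multiplication, so the comparison cannot overflow).
  if (num_images > r.remaining() / (2 * len)) return false;
  ov.offsets.clear();
  for (size_t i = 0; i < num_images; i++) {
    if (!r.read(len, x) || !r.read(len, y)) return false;
    auto sx = [len](uint32_t v) {  // sign-extend 16-bit fields
      return len == 2 ? int32_t(int16_t(v)) : int32_t(v);
    };
    ov.offsets.emplace_back(sx(x), sx(y));
  }
  return true;
}
```

A caller still has to clip each decoded offset against the canvas size
before using it to index pixel data.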