There are 6 open security issues in bullseye.
6 issues left for the package maintainer to handle:
- CVE-2023-0996:
(needs triaging)
There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
- CVE-2023-29659:
(needs triaging)
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
- CVE-2023-49460:
(needs triaging)
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
- CVE-2023-49462:
(needs triaging)
libheif v1.17.5 was discovered to contain a segmentation violation via the component /libheif/exif.cc.
- CVE-2023-49463:
(needs triaging)
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
- CVE-2023-49464:
(needs triaging)
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::get_luma_bits_per_pixel_from_configuration_unci.
You can find information about how to handle these issues in the security team's documentation.