CVE-2023-29659: libheif vulnerable to segmentation fault via floating point exception
(updated )
A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
References
- github.com/advisories/GHSA-22fx-6r9m-r8h9
- github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
- github.com/strukturag/libheif/issues/794
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L
- nvd.nist.gov/vuln/detail/CVE-2023-29659
Code Behaviors & Features
Detect and mitigate CVE-2023-29659 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →