SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3960

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3960

Security update for libheif

Type: security

Severity: important

Issued: 2024-11-08

Description:

This update for libheif fixes the following issues:

- CVE-2024-41311: Fixed out-of-bounds read and write in ImageOverlay:parse() due to decoding a heif file containing an overlay image with forged offsets (bsc#1231714).

References

CVE: CVE-2024-41311
Bugzilla: 1231714 VUL-0: CVE-2024-41311: libheif: out-of-bounds read and write in ImageOverlay:parse() due to decoding a heif file containing an overlay image with forged offsets

Packages

libheif-1.12.0-150400.3.14.1