-------------------------------------------------------------------------
Debian LTS Advisory DLA-3934-1                [email protected]
https://www.debian.org/lts/security/                           Chris Lamb
October 22, 2024                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : libheif
Version        : 1.11.0-1+deb11u1
CVE ID         : CVE-2024-41311

It was discovered that there was a potential out-of-bounds read
vulnerability in libheif, a decoder and encoder for the HEIF and AVIF
image formats. Insufficient checks in ImageOverlay::parse() could have
been exploited by an overlay image with forged offsets which could, in
turn, have led to undefined behaviour.

For Debian 11 bullseye, this problem has been fixed in version
1.11.0-1+deb11u1.

We recommend that you upgrade your libheif packages.

For the detailed security status of libheif please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libheif

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
