Bug#1014125: libheif: CVE-2020-23109
Source: libheif
X-Debbugs-CC: team@security.debian.org
Severity: important
Tags: security
Hi,
The following vulnerability was published for libheif.
CVE-2020-23109[0]:
| Buffer overflow vulnerability in function convert_colorspace in
| heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a
| denial of service and disclose sensitive information, via a crafted
| HEIF file.
https://github.com/strukturag/libheif/issues/207
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-23109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23109
Please adjust the affected versions in the BTS as needed.
Reply to: