gdk-pixbuf-loader-libheif-1.19.5-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14579-1 Final 1 1 2024-12-13T00:00:00Z current 2024-12-13T00:00:00Z 2024-12-13T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z gdk-pixbuf-loader-libheif-1.19.5-2.1 on GA media These are all security issues fixed in the gdk-pixbuf-loader-libheif-1.19.5-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14579 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-0996/ SUSE CVE CVE-2023-0996 page https://www.suse.com/security/cve/CVE-2023-29659/ SUSE CVE CVE-2023-29659 page https://www.suse.com/security/cve/CVE-2024-41311/ SUSE CVE CVE-2024-41311 page openSUSE Tumbleweed gdk-pixbuf-loader-libheif-1.19.5-2.1 libheif-aom-1.19.5-2.1 libheif-dav1d-1.19.5-2.1 libheif-devel-1.19.5-2.1 libheif-ffmpeg-1.19.5-2.1 libheif-jpeg-1.19.5-2.1 libheif-openjpeg-1.19.5-2.1 libheif-rav1e-1.19.5-2.1 libheif-svtenc-1.19.5-2.1 libheif1-1.19.5-2.1 libheif1-32bit-1.19.5-2.1 gdk-pixbuf-loader-libheif-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-aom-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-dav1d-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-devel-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-ffmpeg-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-jpeg-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-openjpeg-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-rav1e-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif-svtenc-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif1-1.19.5-2.1 as a component of openSUSE Tumbleweed libheif1-32bit-1.19.5-2.1 as a component of openSUSE Tumbleweed There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call. CVE-2023-0996 openSUSE Tumbleweed:gdk-pixbuf-loader-libheif-1.19.5-2.1 openSUSE Tumbleweed:libheif-aom-1.19.5-2.1 openSUSE Tumbleweed:libheif-dav1d-1.19.5-2.1 openSUSE Tumbleweed:libheif-devel-1.19.5-2.1 openSUSE Tumbleweed:libheif-ffmpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-jpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-openjpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-rav1e-1.19.5-2.1 openSUSE Tumbleweed:libheif-svtenc-1.19.5-2.1 openSUSE Tumbleweed:libheif1-1.19.5-2.1 openSUSE Tumbleweed:libheif1-32bit-1.19.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-0996.html CVE-2023-0996 https://bugzilla.suse.com/1208640 SUSE Bug 1208640 A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. CVE-2023-29659 openSUSE Tumbleweed:gdk-pixbuf-loader-libheif-1.19.5-2.1 openSUSE Tumbleweed:libheif-aom-1.19.5-2.1 openSUSE Tumbleweed:libheif-dav1d-1.19.5-2.1 openSUSE Tumbleweed:libheif-devel-1.19.5-2.1 openSUSE Tumbleweed:libheif-ffmpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-jpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-openjpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-rav1e-1.19.5-2.1 openSUSE Tumbleweed:libheif-svtenc-1.19.5-2.1 openSUSE Tumbleweed:libheif1-1.19.5-2.1 openSUSE Tumbleweed:libheif1-32bit-1.19.5-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-29659.html CVE-2023-29659 https://bugzilla.suse.com/1211174 SUSE Bug 1211174 In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write. CVE-2024-41311 openSUSE Tumbleweed:gdk-pixbuf-loader-libheif-1.19.5-2.1 openSUSE Tumbleweed:libheif-aom-1.19.5-2.1 openSUSE Tumbleweed:libheif-dav1d-1.19.5-2.1 openSUSE Tumbleweed:libheif-devel-1.19.5-2.1 openSUSE Tumbleweed:libheif-ffmpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-jpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-openjpeg-1.19.5-2.1 openSUSE Tumbleweed:libheif-rav1e-1.19.5-2.1 openSUSE Tumbleweed:libheif-svtenc-1.19.5-2.1 openSUSE Tumbleweed:libheif1-1.19.5-2.1 openSUSE Tumbleweed:libheif1-32bit-1.19.5-2.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-41311.html CVE-2024-41311 https://bugzilla.suse.com/1231714 SUSE Bug 1231714