Lucene search

GoogleOSV:CVE-2023-29659

HistoryMay 05, 2023 - 4:15 p.m.

CVE-2023-29659

2023-05-0516:15:09

Google

osv.dev

segmentation fault

libheif 1.15.1

floating point exception

heif::fraction::round()

box.cc

software

AI Score

Confidence

High

EPSS

0.001

Percentile

29.6%

JSON

A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.

References

github.com/strukturag/libheif/issues/794

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/