libheif.so is vulnerable to Denial of Service (DoS). The vulnerability exists due to a segmentation fault in the Fraction function of box.cc, allowing an attacker to cause an application crash through a floating point exception by providing maliciously crafted HEIF images.
github.com/advisories/GHSA-22fx-6r9m-r8h9
github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
github.com/strukturag/libheif/issues/794
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/