[ubuntu/mantic-security] libheif 1.16.2-2ubuntu1.1 (Accepted)

Allen Huang allen.huang at canonical.com
Tue Jun 25 16:36:12 UTC 2024


libheif (1.16.2-2ubuntu1.1) mantic-security; urgency=medium

  * SECURITY UPDATE: null pointer dereference; buffer and integer overflow
    - debian/patches/CVE-2023-49460.patch: fix null pointer dereference
      in libheif/uncompressed_image.cc:758
    - debian/patches/CVE-2023-49462.patch: fix integer overflows when
      reading EXIF tags (fixes #1043) (CVE-2023-49462)
    - debian/patches/CVE-2023-49463.patch: fix #1042 (EXIF offset larger
      than data)
    - debian/patches/CVE-2023-49464.patch: uncompressed: protect against
      broken uncC box component references
    - CVE-2023-49460
    - CVE-2023-49462
    - CVE-2023-49463
    - CVE-2023-49464

Date: 2024-06-20 09:32:10.774588+00:00
Changed-By: Allen Huang <allen.huang at canonical.com>
https://launchpad.net/ubuntu/+source/libheif/1.16.2-2ubuntu1.1