There is a vulnerability in the code that parses strided image data in the Emscripten wrapper for libheif. An attacker could exploit it with a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
{ "binaries": [ { "binary_name": "heif-gdk-pixbuf", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "heif-gdk-pixbuf-dbgsym", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "heif-thumbnailer", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "heif-thumbnailer-dbgsym", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "libheif-dev", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "libheif-examples", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "libheif-examples-dbgsym", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "libheif1", "binary_version": "1.6.1-1ubuntu0.1~esm1" }, { "binary_name": "libheif1-dbgsym", "binary_version": "1.6.1-1ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }
{ "binaries": [ { "binary_name": "heif-gdk-pixbuf", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "heif-gdk-pixbuf-dbgsym", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "heif-thumbnailer", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "heif-thumbnailer-dbgsym", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "libheif-dev", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "libheif-examples", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "libheif-examples-dbgsym", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "libheif1", "binary_version": "1.12.0-2ubuntu0.1~esm1" }, { "binary_name": "libheif1-dbgsym", "binary_version": "1.12.0-2ubuntu0.1~esm1" } ], "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro" }