libheif is a HEIF and AVIF file format decoder and encoder. Prior to version 1.22.1, the uncompressed HEIF decoder validates explicit icef compressed-unit offsets using unitoffset + unitsize. Because the addition can wrap, a crafted HEIF file can pass the range check and then construct a vector from iterators outside the compressed item buffer, producing an out-of-bounds heap read and crash. Version 1.22.1 patches the issue.
{
"availability": "No subscription required",
"binaries": [
{
"binary_name": "heif-gdk-pixbuf",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "heif-thumbnailer",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "heif-view"
},
{
"binary_name": "libheif-examples",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-aomdec",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-aomenc",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "libheif-plugin-dav1d"
},
{
"binary_name": "libheif-plugin-ffmpegdec",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-j2kdec",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "libheif-plugin-j2kenc"
},
{
"binary_name": "libheif-plugin-jpegdec",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-jpegenc",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-kvazaar",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugin-libde265",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "libheif-plugin-rav1e"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "libheif-plugin-svtenc"
},
{
"binary_name": "libheif-plugin-x265",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_name": "libheif-plugins-all",
"binary_version": "1.21.2-3ubuntu0.2"
},
{
"binary_version": "1.21.2-3ubuntu0.2",
"binary_name": "libheif1"
}
]
}