In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.
{ "vanir_signatures": [ { "id": "CVE-2024-41311-212cf0d4", "digest": { "length": 1113.0, "function_hash": "173311675283624134387912327509008473688" }, "signature_version": "v1", "target": { "file": "libheif/context.cc", "function": "ImageOverlay::parse" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36" }, { "id": "CVE-2024-41311-4d8c2208", "digest": { "line_hashes": [ "199552263805737561284050145714968856287", "165422266643400024016313375172522398198", "180033657895748126602831336989987210673", "189887803439879633491609234257712090372", "30229904163686012330946050880614291265", "51392871933382754157426764918766303363", "93229101342813780699996397408371042191", "55243773780575863442651236807721696762", "136035662303380996503589403874678035051", "183225075863443453880290293664347108291", "45289821677188080865932746360989307741", "10211928742648628472227617329606520940", "5696325085153436326710357962775198295", "333431399323638600358086591206274538056", "231454303058703224983081124071424242313", "184985771065220936702395069482602774393", "194536753307187255067325972534063669544", "209252104496309760212722099118167258840", "18290743728633375669528348433724812855", "286008113164688586033612454045952097701", "18556939492194700870056687009919588530", "59990360985222962797058411468055107166", "149945864862126184393250202380963231118", "219261184209270081653475792746601081541", "95961139924895972855349813460681455396", "251889454835696797788207875411858768131", "185894465369698308510911457328560098889", "271214504213560793957759420000248642422", "288157629370500558409018951893247999831", "161368810937098632971793060837335774039", "338554341232491959430627723304781428998", "137561794343572263290591683018124636746", "310182566129060621311518452794300515956", "133294905584986504980524121693238318940", "14853676479294205362466405696085723456", "194295647374668018498435592087728467682", "141579747086259096775532944826867100040", "195689630057844184220319129536904166844", "15012862894981603766546466657297783314", "9205232151826348896435919339058532893", "229430739017037062136833680263876604281", "85005085750236594173030196306251819423", "168290041424508430595017006410669747494", "182744254392872156242991018787310405420", "118048606027276972819735394818511770918", "147167810361073107009812831628296720440", "174310907466533799913279551690619910048", "339737641806724747454190805793617533208", "164788371369794612447704401640444597228", "236648328396617439660168574158438507571", "259949729457592370558701953951477710522", "83333938323182439543071546034155028660", "17126884994219268650179956241061169179", "204819102560463345088006918150385961585", "222977524111234647453311581477527092427", "149033929122260277009958254801528904351", "164788371369794612447704401640444597228", "10797187280327662238003934537153714885", "273081084621782586754452159674785208874", "254120452596989585743843438389508680864", "308524646639230003151360668534371775398", "152366930449710676217814338147251218971", "23901373130120391930441093047332823499", "106571198111993582236991554113834320863", "11549147279199251116285435555741147072", "186468692745360320426383858427803705665", "314202860055721951364162168616603567463", "78289514468935581714742947977842172997" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "libheif/pixelimage.cc" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36" }, { "id": "CVE-2024-41311-7cc3c664", "digest": { "length": 2224.0, "function_hash": "202545963414215962044629709737210120450" }, "signature_version": "v1", "target": { "file": "libheif/pixelimage.cc", "function": "HeifPixelImage::overlay" }, "deprecated": false, "signature_type": "Function", "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36" }, { "id": "CVE-2024-41311-807cda5a", "digest": { "line_hashes": [ "105329586996834917681742930832353796757", "261391097436832287710591966173435959646", "223887968081567386217219519890248013631", "153917598935205667416519856560568057417" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "libheif/pixelimage.h" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36" }, { "id": "CVE-2024-41311-c5b95db2", "digest": { "line_hashes": [ "39220634968913479029486567793588491706", "65447239829208056754106920004490624594", "286317884832100342661869317519226961863", "93633028574982367921680148351134709522", "186442064864314806107169195727424581574", "105781432727809017085079098540202849730", "164116372118084159478984673343566465359", "72917656133267028660406275661006569561", "242397034181951836153234550272352961590" ], "threshold": 0.9 }, "signature_version": "v1", "target": { "file": "libheif/context.cc" }, "deprecated": false, "signature_type": "Line", "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36" } ] }