CVE-2024-41311

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

References

Affected packages

Git / github.com/strukturag/libheif

Affected ranges

Type: GIT
Repo: https://github.com/strukturag/libheif
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36

Affected versions

v1.*

v1.0.0

v1.1.0

v1.10.0

v1.11.0

v1.12.0

v1.13.0

v1.14.0

v1.14.1

v1.14.2

v1.15.0

v1.15.1

v1.15.2

v1.16.0

v1.16.1

v1.16.2

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.17.4

v1.17.5

v1.17.6

v1.18.0-rc1

v1.2.0

v1.3.0

v1.3.1

v1.3.2

v1.4.0

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v1.6.2

v1.7.0

v1.8.0

v1.9.0

v1.9.1

Database specific

vanir_signatures

[
    {
        "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
        "id": "CVE-2024-41311-212cf0d4",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "173311675283624134387912327509008473688",
            "length": 1113.0
        },
        "signature_type": "Function",
        "target": {
            "file": "libheif/context.cc",
            "function": "ImageOverlay::parse"
        }
    },
    {
        "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
        "id": "CVE-2024-41311-4d8c2208",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "199552263805737561284050145714968856287",
                "165422266643400024016313375172522398198",
                "180033657895748126602831336989987210673",
                "189887803439879633491609234257712090372",
                "30229904163686012330946050880614291265",
                "51392871933382754157426764918766303363",
                "93229101342813780699996397408371042191",
                "55243773780575863442651236807721696762",
                "136035662303380996503589403874678035051",
                "183225075863443453880290293664347108291",
                "45289821677188080865932746360989307741",
                "10211928742648628472227617329606520940",
                "5696325085153436326710357962775198295",
                "333431399323638600358086591206274538056",
                "231454303058703224983081124071424242313",
                "184985771065220936702395069482602774393",
                "194536753307187255067325972534063669544",
                "209252104496309760212722099118167258840",
                "18290743728633375669528348433724812855",
                "286008113164688586033612454045952097701",
                "18556939492194700870056687009919588530",
                "59990360985222962797058411468055107166",
                "149945864862126184393250202380963231118",
                "219261184209270081653475792746601081541",
                "95961139924895972855349813460681455396",
                "251889454835696797788207875411858768131",
                "185894465369698308510911457328560098889",
                "271214504213560793957759420000248642422",
                "288157629370500558409018951893247999831",
                "161368810937098632971793060837335774039",
                "338554341232491959430627723304781428998",
                "137561794343572263290591683018124636746",
                "310182566129060621311518452794300515956",
                "133294905584986504980524121693238318940",
                "14853676479294205362466405696085723456",
                "194295647374668018498435592087728467682",
                "141579747086259096775532944826867100040",
                "195689630057844184220319129536904166844",
                "15012862894981603766546466657297783314",
                "9205232151826348896435919339058532893",
                "229430739017037062136833680263876604281",
                "85005085750236594173030196306251819423",
                "168290041424508430595017006410669747494",
                "182744254392872156242991018787310405420",
                "118048606027276972819735394818511770918",
                "147167810361073107009812831628296720440",
                "174310907466533799913279551690619910048",
                "339737641806724747454190805793617533208",
                "164788371369794612447704401640444597228",
                "236648328396617439660168574158438507571",
                "259949729457592370558701953951477710522",
                "83333938323182439543071546034155028660",
                "17126884994219268650179956241061169179",
                "204819102560463345088006918150385961585",
                "222977524111234647453311581477527092427",
                "149033929122260277009958254801528904351",
                "164788371369794612447704401640444597228",
                "10797187280327662238003934537153714885",
                "273081084621782586754452159674785208874",
                "254120452596989585743843438389508680864",
                "308524646639230003151360668534371775398",
                "152366930449710676217814338147251218971",
                "23901373130120391930441093047332823499",
                "106571198111993582236991554113834320863",
                "11549147279199251116285435555741147072",
                "186468692745360320426383858427803705665",
                "314202860055721951364162168616603567463",
                "78289514468935581714742947977842172997"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "libheif/pixelimage.cc"
        }
    },
    {
        "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
        "id": "CVE-2024-41311-7cc3c664",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "function_hash": "202545963414215962044629709737210120450",
            "length": 2224.0
        },
        "signature_type": "Function",
        "target": {
            "file": "libheif/pixelimage.cc",
            "function": "HeifPixelImage::overlay"
        }
    },
    {
        "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
        "id": "CVE-2024-41311-807cda5a",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "105329586996834917681742930832353796757",
                "261391097436832287710591966173435959646",
                "223887968081567386217219519890248013631",
                "153917598935205667416519856560568057417"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "libheif/pixelimage.h"
        }
    },
    {
        "source": "https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36",
        "id": "CVE-2024-41311-c5b95db2",
        "deprecated": false,
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
                "39220634968913479029486567793588491706",
                "65447239829208056754106920004490624594",
                "286317884832100342661869317519226961863",
                "93633028574982367921680148351134709522",
                "186442064864314806107169195727424581574",
                "105781432727809017085079098540202849730",
                "164116372118084159478984673343566465359",
                "72917656133267028660406275661006569561",
                "242397034181951836153234550272352961590"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "target": {
            "file": "libheif/context.cc"
        }
    }
]