Package | libheif |
---|---|
Version | 1.3.2-2+deb10u2 (buster) |
Related CVEs | CVE-2024-41311 |

It was discovered that there was a potential out-of-bounds read vulnerability in libheif, a decoder and encoder for the HEIF and AVIF image formats. Insufficient checks in ImageOverlay::parse() could have been exploited by an overlay image with forged offsets which could in turn have led to undefined behaviour.

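The kind of length check whose absence is described above, as an added example in C (not libheif's code and not the patch shipped in this update). It assumes the overlay payload layout is version, flags, four 16-bit fill values, width and height, then one signed offset pair per referenced image, with 16- or 32-bit fields selected by flags bit 0; `overlay_parse`, `struct overlay` and `MAX_REFS` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_REFS 16 /* constructed limit for this example */

struct overlay {
    uint32_t width, height;
    int32_t x[MAX_REFS], y[MAX_REFS];
};

/* Big-endian read of len (2 or 4) bytes; the caller has checked bounds. */
static uint32_t rd(const uint8_t *p, size_t len) {
    uint32_t v = 0;
    for (size_t i = 0; i < len; i++) v = (v << 8) | p[i];
    return v;
}

/* Offsets are signed: sign-extend 16-bit fields explicitly. */
static int32_t rd_signed(const uint8_t *p, size_t len) {
    uint32_t v = rd(p, len);
    return (len == 2 && v >= 0x8000u) ? (int32_t)v - 0x10000 : (int32_t)v;
}

/* Returns 0 on success, -1 if the payload is malformed or too short.
 * nrefs is the number of referenced images, known from outside the payload. */
int overlay_parse(const uint8_t *d, size_t n, size_t nrefs, struct overlay *out) {
    const size_t hdr = 2 + 4 * 2; /* version, flags, four 16-bit fill values */
    if (n < hdr || d[0] != 0 || nrefs > MAX_REFS) return -1;
    size_t fl = (d[1] & 1) ? 4 : 2; /* field length selected by flags bit 0 */
    /* Whole size required, computed before any variable-length field is read. */
    size_t need = hdr + 2 * fl + nrefs * 2 * fl;
    if (n < need) return -1;
    const uint8_t *p = d + hdr;
    out->width = rd(p, fl); p += fl;
    out->height = rd(p, fl); p += fl;
    for (size_t i = 0; i < nrefs; i++) {
        out->x[i] = rd_signed(p, fl); p += fl;
        out->y[i] = rd_signed(p, fl); p += fl;
    }
    return 0;
}

int main(void) {
    /* Constructed payload: 16-bit fields, 256x128 canvas, one offset (-1, 2). */
    const uint8_t buf[] = {0,0, 0,0,0,0,0,0,0,0, 1,0, 0,0x80, 0xFF,0xFF, 0,2};
    struct overlay o;
    return overlay_parse(buf, sizeof buf, 1, &o); /* 0: accepted */
}
```

The same payload is rejected when the caller expects two referenced images, or when flags bit 0 selects 32-bit fields, because the required size then exceeds the 18 bytes supplied.
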
For Debian 10 buster, this problem has been fixed in version 1.3.2-2+deb10u2.

We recommend that you upgrade your libheif packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.