| Package | libheif |
|---|---|
| Version | 1.3.2-2+deb10u3 (buster) |
| Related CVEs | CVE-2023-0996 |
There was a vulnerability in the strided image parsing code in
libheif, a decoder/encoder for the
HEIF and AVIF image formats.
An attacker could have exploited this through a crafted image file to cause a
buffer overflow in linear memory during a memcpy call.
For Debian 10 buster, these problems have been fixed in version 1.3.2-2+deb10u3.
We recommend that you upgrade your libheif packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.