CVE-2024-41311

CVSS v2.0

9.4

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:N

Name of the Vulnerable Software and Affected Versions Libheif version 1.17.6

Description The issue is related to the ImageOverlay::parse() function in the libheif decoder and encoder for video and photo file formats. It involves an out-of-bounds read and write due to insufficient checks when decoding a HEIF file containing an overlay image with forged offsets. This could allow a remote attacker to access confidential information.

Recommendations For Libheif version 1.17.6, consider disabling the ImageOverlay::parse() function until a patch is available to prevent potential out-of-bounds read and write exploits. Restrict access to HEIF files containing overlay images to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Out of bounds Read

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-787

Related Identifiers

ALT-PU-2024-17820

ALT-PU-2025-2122

ALT-PU-2025-2126

BDU:2024-09439

CVE-2024-41311

DLA-3934-1

DSA-5796-1

MGASA-2024-0352

OPENSUSE-SU-2024:14579-1

OPENSUSE-SU-2024_3960-1

SUSE-SU-2024:3960-1

SUSE-SU-2024_3960-1

USN-7082-1

Affected Products

Alt Linux

Astra Linux

Linuxmint

Red Os

Suse

Ubuntu

Libheif

CVE-2024-41311

Weakness Enumeration

Related Identifiers

Affected Products

References · 37