{"id":"USN-6847-1","summary":"libheif vulnerabilities","details":"It was discovered that libheif incorrectly handled certain image data.\nAn attacker could possibly use this issue to crash the program, resulting\nin a denial of service. This issue only affected Ubuntu 18.04 LTS.\n(CVE-2019-11471)\n\nReza Mirzazade Farkhani discovered that libheif incorrectly handled\ncertain image data. An attacker could possibly use this issue to crash the\nprogram, resulting in a denial of service. This issue only affected Ubuntu\n20.04 LTS. (CVE-2020-23109)\n\nEugene Lim discovered that libheif incorrectly handled certain image data.\nAn attacker could possibly use this issue to crash the program, resulting\nin a denial of service. This issue only affected Ubuntu 18.04 LTS, Ubuntu\n20.04 LTS and Ubuntu 22.04 LTS. (CVE-2023-0996)\n\nMin Jang discovered that libheif incorrectly handled certain image data.\nAn attacker could possibly use this issue to crash the program, resulting\nin a denial of service. This issue only affected Ubuntu 20.04 LTS and\nUbuntu 22.04 LTS. (CVE-2023-29659)\n\nYuchuan Meng discovered that libheif incorrectly handled certain image data.\nAn attacker could possibly use this issue to crash the program, resulting\nin a denial of service. This issue only affected Ubuntu 23.10.\n(CVE-2023-49460, CVE-2023-49462, CVE-2023-49463, CVE-2023-49464)\n","modified":"2026-04-27T17:02:02.765083771Z","published":"2024-06-25T16:50:16Z","related":["UBUNTU-CVE-2019-11471","UBUNTU-CVE-2020-23109","UBUNTU-CVE-2023-0996","UBUNTU-CVE-2023-29659"],"upstream":["CVE-2019-11471","CVE-2020-23109","CVE-2023-0996","CVE-2023-29659","CVE-2023-49460","CVE-2023-49462","CVE-2023-49463","CVE-2023-49464","UBUNTU-CVE-2019-11471","UBUNTU-CVE-2020-23109","UBUNTU-CVE-2023-0996","UBUNTU-CVE-2023-29659","UBUNTU-CVE-2023-49460","UBUNTU-CVE-2023-49462","UBUNTU-CVE-2023-49463","UBUNTU-CVE-2023-49464"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-6847-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2019-11471"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2020-23109"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-0996"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-29659"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49460"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49462"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49463"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-49464"}],"affected":[{"package":{"name":"libheif","ecosystem":"Ubuntu:Pro:18.04:LTS","purl":"pkg:deb/ubuntu/libheif@1.1.0-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.1.0-2ubuntu0.1~esm1"}]}],"versions":["1.1.0-2"],"ecosystem_specific":{"binaries":[{"binary_version":"1.1.0-2ubuntu0.1~esm1","binary_name":"libheif-examples"},{"binary_version":"1.1.0-2ubuntu0.1~esm1","binary_name":"libheif1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6847-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2019-11471"}],"ecosystem":"Ubuntu:Pro:18.04:LTS"}}},{"package":{"name":"libheif","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/libheif@1.6.1-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.1-1ubuntu0.1~esm1"}]}],"versions":["1.5.0-1build1","1.5.1-1","1.5.1-1build1","1.6.0-1","1.6.1-1","1.6.1-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.6.1-1ubuntu0.1~esm1","binary_name":"heif-gdk-pixbuf"},{"binary_version":"1.6.1-1ubuntu0.1~esm1","binary_name":"heif-thumbnailer"},{"binary_version":"1.6.1-1ubuntu0.1~esm1","binary_name":"libheif-examples"},{"binary_version":"1.6.1-1ubuntu0.1~esm1","binary_name":"libheif1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6847-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2020-23109"},{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-0996"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-29659"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"libheif","ecosystem":"Ubuntu:Pro:22.04:LTS","purl":"pkg:deb/ubuntu/libheif@1.12.0-2ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.12.0-2ubuntu0.1~esm1"}]}],"versions":["1.11.0-1","1.12.0-2build1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.12.0-2ubuntu0.1~esm1","binary_name":"heif-gdk-pixbuf"},{"binary_version":"1.12.0-2ubuntu0.1~esm1","binary_name":"heif-thumbnailer"},{"binary_version":"1.12.0-2ubuntu0.1~esm1","binary_name":"libheif-examples"},{"binary_version":"1.12.0-2ubuntu0.1~esm1","binary_name":"libheif1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6847-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-0996"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-29659"}],"ecosystem":"Ubuntu:Pro:22.04:LTS"}}}],"schema_version":"1.7.5"}