There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.
References
Link | Resource |
---|---|
https://govtech-csg.github.io/security-advisories/2023/02/24/CVE-2023-0996.html | Third Party Advisory |
https://github.com/strukturag/libheif/pull/759 | Patch Vendor Advisory |
Configurations
Information
Published : 2023-02-23 20:15
Updated : 2023-03-07 12:46
NVD link : CVE-2023-0996
Mitre link : CVE-2023-0996
JSON object : View
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Products Affected
struktur
- libheif