Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
strukturag libheif stsz/stts track.cc load out-of-bounds
Vulnerability Description
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is inofficial and not approved yet.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
跨界内存读
Vulnerability Title
libheif 缓冲区错误漏洞
Vulnerability Description
libheif是struktur开源的一款 ISO/IEC 23008-12:2017 HEIF 文件格式解码器和编码器。 strukturag libheif 1.21.2及之前版本存在缓冲区错误漏洞,该漏洞源于组件stsz/stts中文件libheif/sequences/track.cc函数Track::load的错误操作,可能导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A