Bug 1211174 (CVE-2023-29659) - VUL-0: CVE-2023-29659: libheif: segfault caused by divide-by-zero
Summary: VUL-0: CVE-2023-29659: libheif: segfault caused by divide-by-zero
Status: RESOLVED FIXED
Alias: CVE-2023-29659
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/365268/
Whiteboard: CVSSv3.1:SUSE:CVE-2023-29659:5.5:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-08 06:33 UTC by Alexander Bergmann
Modified: 2024-05-07 11:36 UTC

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Comment 1 Alexander Bergmann 2023-05-08 06:37:50 UTC
Upstream commit:

https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
Comment 2 Petr Gajdos 2023-05-11 15:57:04 UTC
Submitted for 15sp4/libheif.

I believe all fixed.
Comment 4 Maintenance Automation 2023-05-16 20:30:01 UTC
SUSE-SU-2023:2223-1: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1211174
CVE References: CVE-2023-29659
Sources used:
openSUSE Leap 15.4 (src): libheif-1.12.0-150400.3.11.1
Desktop Applications Module 15-SP4 (src): libheif-1.12.0-150400.3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Maintenance Automation 2023-07-18 13:21:23 UTC
SUSE-SU-2023:2223-2: An update that solves one vulnerability can now be installed.

Category: security (moderate)
Bug References: 1211174
CVE References: CVE-2023-29659
Sources used:
openSUSE Leap 15.5 (src): libheif-1.12.0-150400.3.11.1
Desktop Applications Module 15-SP5 (src): libheif-1.12.0-150400.3.11.1
SUSE Package Hub 15 15-SP5 (src): libheif-1.12.0-150400.3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Robert Frohl 2024-05-07 11:36:00 UTC
done, closing