CVE-2023-0996

2023-02-2404:15:12

CWE-120

[email protected]

web.nvd.nist.gov

cve-2023-0996

vulnerability

buffer overflow

image parsing

libheif

emscripten wrapper

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.6 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.6%

JSON

There is a vulnerability in the strided image data parsing code in the emscripten wrapper for libheif. An attacker could exploit this through a crafted image file to cause a buffer overflow in linear memory during a memcpy call.

Affected configurations

NVD

Node

strukturlibheifMatch1.14.2

CPENameOperatorVersion
struktur:libheifstruktur libheifeq1.14.2

CPE	Name	Operator	Version
struktur:libheif	struktur libheif	eq	1.14.2

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "libheif",
    "repo": "https://github.com/strukturag/libheif",
    "vendor": "Struktur",
    "versions": [
      {
        "status": "affected",
        "version": "1.14.2"
      }
    ]
  }
]