86 matches found
CVE-2023-6351
CVE-2023-6351 describes a use-after-free in libavif used by Google Chrome before 119.0.6045.199, allowing a remote attacker to cause heap corruption via a crafted AVIF file. Affected product/component: Google Chrome/Chromium with libavif. Root cause: use-after-free in libavif leading to possible ...
CVE-2023-6350
CVE-2023-6350 is a use-after-free in libavif used by Google Chrome/Chromium before version 119.0.6045.199, potentially enabling remote heap corruption via a crafted avif file. Affected software stacks include Chromium-based browsers (Chrome/Chromium) and related Electron builds, with multiple sec...
CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6350
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
CVE-2023-6351
Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. Chromium security severity: High...
PT-2023-7328 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.199 Microsoft Edge affected versions not specified Description: The issue is related to a use after free in libavif, which can lead to heap corruption when processing crafted avif files. This can...
PT-2023-7329 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.199 Microsoft Edge affected versions not specified Description: The issue is related to a use after free in the libavif library, which can lead to heap corruption when processing crafted avif files...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in ShortPixel ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin = 3.7.1 versions...
CVE-2023-32512
CVE-2023-32512 is a CSRF vulnerability in the WordPress plugin ShortPixel Adaptive Images (WebP, AVIF, CDN, Image Optimization) vulnerable through versions
The vulnerability of the heif::Fraction::round() function in the box.cc file decoder for HEIF and AVIF formats in the libheif library allows a malicious actor to cause service interruptions.
The vulnerability of the heif::Fraction::round function in the box.cc file format decoders for HEIF and AVIF formats in the libheif library is related to a floating-point exception. Exploiting this vulnerability could allow an attacker to cause service failures...
ROS-20230615-03
A vulnerability in the HEIF and AVIF libheif file format decoder is related to a floating point exception in the heif::Fraction::round function in box.cc Exploitation of the vulnerability could allow an attacker, remotely to perform a denial of service attack...
[SECURITY] Fedora 36 Update: libheif-1.15.2-1.fc36
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...
[SECURITY] Fedora 37 Update: libheif-1.15.2-1.fc37
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...
Fedora: Security Advisory for libheif (FEDORA-2023-440c8694e5)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for libheif (FEDORA-2023-fd63c401df)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 38 Update: libheif-1.15.2-1.fc38
libheif is an ISO/IEC 23008-12:2017 HEIF and AVIF AV1 Image File Format file format decoder and encoder...
ROS-20230322-01
A vulnerability in the HEIF and AVIF libheif file format decoder is related to the data parsing code of strided images in the emscripten wrapper for libheif. Exploitation of the vulnerability could allow an attacker acting remotely to use a specially crafted image file to cause a buffer overflow ...
Cloudflare Public Bug Bounty: Bypassing Cache Deception Armor using .avif extension file
Cloudflare Deception Armor could be bypassed by using .avif extension making Cache deception attack possible on vulnerable origin servers. Cloudflare Cache Deception Armor uses a Page rule to protect Cloudflare Cache against caching possibly sensitive information. This attack could be performed b...
libavif buffer overflow vulnerability
libavif is a library for encoding and decoding .avif files. libavif suffers from a security vulnerability that stems from libavif 0.8.0 and 0.8.1 having an out-of-bounds write in the avifDecoderDataFillImageGrid. no details of the vulnerability are currently available...