Lucene search

Veracode Vulnerability DatabaseVERACODE:44607

HistoryDec 08, 2023 - 8:52 a.m.

Denial Of Services (DoS)

2023-12-0808:52:56

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

denial of services

libheif.so

vulnerability

segmentation fault

decode_uncompressed_image

application crash

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

libheif.so is vulnerable to Denial Of Services (DoS). The vulnerability exists due to the segmentation fault in the decode_uncompressed_image function of uncompressed_image.cc, allowing an attacker to cause an application crash

CPENameOperatorVersion
libheif.sole1.17.3
libheif.sole1.17.3

CPE	Name	Operator	Version
	libheif.so	le	1.17.3
	libheif.so	le	1.17.3

References

github.com/strukturag/libheif/issues/1046

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.6%

JSON

Related for VERACODE:44607