Vulnerabilities > CVE-2024-41311 - Out-of-bounds Write vulnerability in multiple products

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

struktur

debian

CWE-787

NVD

Published: 2024-10-15

Updated: 2025-03-24

Summary

In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

Vulnerable Configurations

Part	Description	Count
Application	Struktur Struktur Libheif 1.17.6	1
OS	Debian Debian Debian Linux 11.0	1

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0
https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36
https://github.com/strukturag/libheif/issues/1226
https://github.com/strukturag/libheif/pull/1227
https://lists.debian.org/debian-lts-announce/2024/10/msg00025.html