Source: libheif X-Debbugs-CC: t...@security.debian.org Severity: important Tags: security
Hi, The following vulnerability was published for libheif. CVE-2020-23109[0]: | Buffer overflow vulnerability in function convert_colorspace in | heif_colorconversion.cc in libheif v1.6.2, allows attackers to cause a | denial of service and disclose sensitive information, via a crafted | HEIF file. https://github.com/strukturag/libheif/issues/207 If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-23109 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23109 Please adjust the affected versions in the BTS as needed.
