CVE-2024-41311 Information

Description

In Libheif 1.17.6 insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.

Reference

https://github.com/strukturag/libheif/issues/1226 https://github.com/strukturag/libheif/pull/1227 https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36 https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0