{"id":"CVE-2024-41311","details":"In Libheif 1.17.6, insufficient checks in ImageOverlay::parse() decoding a heif file containing an overlay image with forged offsets can lead to an out-of-bounds read and write.","modified":"2026-04-16T04:38:14.242885274Z","published":"2024-10-15T21:15:10.923Z","related":["SUSE-SU-2024:3960-1","openSUSE-SU-2024:14579-1"],"references":[{"type":"ADVISORY","url":"https://gist.github.com/flyyee/79f1b224069842ee320115cafa5c35c0"},{"type":"REPORT","url":"https://github.com/strukturag/libheif/issues/1226"},{"type":"FIX","url":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"type":"FIX","url":"https://github.com/strukturag/libheif/pull/1227"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2024/10/msg00025.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/strukturag/libheif","events":[{"introduced":"0"},{"last_affected":"59b58566de0d8e2e9fea958abeba1d3346bda9de"},{"fixed":"a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.17.6"}]}}],"versions":["v1.1.0","v1.10.0","v1.11.0","v1.12.0","v1.13.0","v1.14.0","v1.14.1","v1.14.2","v1.15.0","v1.15.1","v1.15.2","v1.16.0","v1.16.1","v1.16.2","v1.17.0","v1.17.1","v1.17.2","v1.17.3","v1.17.4","v1.17.5","v1.17.6","v1.18.0-rc1","v1.2.0","v1.3.0","v1.3.1","v1.3.2","v1.7.0","v1.8.0","v1.9.0","v1.9.1"],"database_specific":{"vanir_signatures_modified":"2026-04-12T07:22:50Z","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"11.0"}]}],"vanir_signatures":[{"deprecated":false,"signature_version":"v1","id":"CVE-2024-41311-212cf0d4","target":{"file":"libheif/context.cc","function":"ImageOverlay::parse"},"signature_type":"Function","digest":{"function_hash":"173311675283624134387912327509008473688","length":1113},"source":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"deprecated":false,"signature_version":"v1","id":"CVE-2024-41311-4d8c2208","target":{"file":"libheif/pixelimage.cc"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["199552263805737561284050145714968856287","165422266643400024016313375172522398198","180033657895748126602831336989987210673","189887803439879633491609234257712090372","30229904163686012330946050880614291265","51392871933382754157426764918766303363","93229101342813780699996397408371042191","55243773780575863442651236807721696762","136035662303380996503589403874678035051","183225075863443453880290293664347108291","45289821677188080865932746360989307741","10211928742648628472227617329606520940","5696325085153436326710357962775198295","333431399323638600358086591206274538056","231454303058703224983081124071424242313","184985771065220936702395069482602774393","194536753307187255067325972534063669544","209252104496309760212722099118167258840","18290743728633375669528348433724812855","286008113164688586033612454045952097701","18556939492194700870056687009919588530","59990360985222962797058411468055107166","149945864862126184393250202380963231118","219261184209270081653475792746601081541","95961139924895972855349813460681455396","251889454835696797788207875411858768131","185894465369698308510911457328560098889","271214504213560793957759420000248642422","288157629370500558409018951893247999831","161368810937098632971793060837335774039","338554341232491959430627723304781428998","137561794343572263290591683018124636746","310182566129060621311518452794300515956","133294905584986504980524121693238318940","14853676479294205362466405696085723456","194295647374668018498435592087728467682","141579747086259096775532944826867100040","195689630057844184220319129536904166844","15012862894981603766546466657297783314","9205232151826348896435919339058532893","229430739017037062136833680263876604281","85005085750236594173030196306251819423","168290041424508430595017006410669747494","182744254392872156242991018787310405420","118048606027276972819735394818511770918","147167810361073107009812831628296720440","174310907466533799913279551690619910048","339737641806724747454190805793617533208","164788371369794612447704401640444597228","236648328396617439660168574158438507571","259949729457592370558701953951477710522","83333938323182439543071546034155028660","17126884994219268650179956241061169179","204819102560463345088006918150385961585","222977524111234647453311581477527092427","149033929122260277009958254801528904351","164788371369794612447704401640444597228","10797187280327662238003934537153714885","273081084621782586754452159674785208874","254120452596989585743843438389508680864","308524646639230003151360668534371775398","152366930449710676217814338147251218971","23901373130120391930441093047332823499","106571198111993582236991554113834320863","11549147279199251116285435555741147072","186468692745360320426383858427803705665","314202860055721951364162168616603567463","78289514468935581714742947977842172997"]},"source":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"deprecated":false,"signature_version":"v1","id":"CVE-2024-41311-7cc3c664","target":{"file":"libheif/pixelimage.cc","function":"HeifPixelImage::overlay"},"signature_type":"Function","digest":{"function_hash":"202545963414215962044629709737210120450","length":2224},"source":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"deprecated":false,"signature_version":"v1","id":"CVE-2024-41311-807cda5a","target":{"file":"libheif/pixelimage.h"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["105329586996834917681742930832353796757","261391097436832287710591966173435959646","223887968081567386217219519890248013631","153917598935205667416519856560568057417"]},"source":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"},{"deprecated":false,"signature_version":"v1","id":"CVE-2024-41311-c5b95db2","target":{"file":"libheif/context.cc"},"signature_type":"Line","digest":{"threshold":0.9,"line_hashes":["39220634968913479029486567793588491706","65447239829208056754106920004490624594","286317884832100342661869317519226961863","93633028574982367921680148351134709522","186442064864314806107169195727424581574","105781432727809017085079098540202849730","164116372118084159478984673343566465359","72917656133267028660406275661006569561","242397034181951836153234550272352961590"]},"source":"https://github.com/strukturag/libheif/commit/a3ed1b1eb178c5d651d6ac619c8da3d71ac2be36"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-41311.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}]}