Description
CVE-2023-49460
libheif v1.17.5 was discovered to contain a segmentation violation via the function UncompressedImageCodec::decode_uncompressed_image.
Affected component
The vulnerability is in pkg:deb/debian/[email protected], detected by the github.com/l3montree-dev/devguard/cmd/devguard-scanner/container-scanning scan.
Recommended fix
No fix is available.
Risk: 0.81 (Low)
EPSS: 0.21 %
The exploit probability is very low. The vulnerability is unlikely to be exploited in the next 30 days.
Exploit: Not available
We did not find any exploit available, neither in GitHub repositories nor in the Exploit-Database. There are no script kiddies exploiting this vulnerability.
Vulnerability Depth: 5
The vulnerability is in a dependency of a dependency of your project. It is 5 levels deep.
CVSS-BE: 8.8
- Exploiting this vulnerability significantly impacts availability.
- Exploiting this vulnerability significantly impacts integrity.
- Exploiting this vulnerability significantly impacts confidentiality.
CVSS-B: 8.8
- The vulnerability can be exploited over the network without needing physical access.
- It is easy for an attacker to exploit this vulnerability.
- An attacker does not need any special privileges or access rights.
- The attacker needs the user to perform some action, like clicking a link.
- The impact is confined to the system where the vulnerability exists.
- There is a high impact on the confidentiality of the information.
- There is a high impact on the integrity of the data.
- There is a high impact on the availability of the system.
More details can be found in DevGuard
Slash Commands
You can use the following slash commands to interact with this vulnerability:
- /accept <Justification> or /a <Justification> - Accept the risk
- /false-positive <Justification> or /fp <Justification> - Mark the risk as false positive
- /reopen <Justification> or /r <Justification> - Reopen the risk
Risk exceeds predefined threshold