libvips Heap-Based Buffer Overflow Vulnerability in HEIF Save Operation

Vulnerability

A heap-based buffer overflow vulnerability has been identified in libvips, an image processing library, in versions through 8.16.0. The issue arises in the heifsave operation, which can incorrectly assess the presence of an alpha channel in certain TIFF images. When a 'multiband' TIFF image with four channels is processed, libvips creates a three-channel HEIF image without an alpha channel, while attempting to write four channels of data. This discrepancy leads to a heap buffer overflow, potentially crashing the application.
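The mismatch described above is between the number of bands the image carries and the number of channels the encoder allocates. A defender can gate that mismatch before handing an image to the HEIF writer. The following is an added example, not code from the libvips project: it models the image metadata a caller can inspect (band count and colour interpretation) with a small constructed record, applies the rule the advisory states (a four-band 'multiband' image is treated as having no alpha and gets a three-channel HEIF), quantifies the resulting per-row overrun assuming 8-bit samples, and normalises the image by dropping the extra band so the band count matches what the encoder allocates. The `ImageMeta` record and all function names are assumptions for illustration; the real fix remains the upgrade listed under Remediation.

```python
from dataclasses import dataclass


# Constructed stand-in for the metadata a caller can read from an image
# before saving it (band count and colour interpretation); not a libvips type.
@dataclass(frozen=True)
class ImageMeta:
    width: int
    height: int
    bands: int
    interpretation: str  # e.g. "srgb", "b-w", "multiband"


def heif_channels_assumed(meta: ImageMeta) -> int:
    """Channel count the vulnerable heifsave allocates, per the advisory.

    Assumption taken from the advisory text: a four-band image interpreted as
    'multiband' is judged to have no alpha channel, so a three-channel HEIF
    image is created even though four bands of data are written.
    """
    if meta.bands == 4 and meta.interpretation == "multiband":
        return 3
    return meta.bands


def overflow_bytes_per_row(meta: ImageMeta) -> int:
    """Bytes written past the end of each row buffer (8-bit samples assumed).

    Returns 0 when the band count matches the allocated channel count.
    """
    excess_channels = meta.bands - heif_channels_assumed(meta)
    return max(0, excess_channels * meta.width)


def is_safe_for_heifsave(meta: ImageMeta) -> bool:
    """True when no band/channel mismatch exists for this image."""
    return overflow_bytes_per_row(meta) == 0


def normalise_for_heifsave(meta: ImageMeta) -> ImageMeta:
    """Pre-flight normalisation: drop the band the encoder would not allocate.

    Dropping the fourth band is the unambiguous fix for the case the advisory
    describes; with a real image object the caller would apply the equivalent
    band extraction before saving. Images that are already consistent are
    returned unchanged.
    """
    if is_safe_for_heifsave(meta):
        return meta
    return ImageMeta(
        width=meta.width,
        height=meta.height,
        bands=heif_channels_assumed(meta),
        interpretation=meta.interpretation,
    )


if __name__ == "__main__":
    # Constructed sample: a 640x480 four-band 'multiband' TIFF, the shape
    # the advisory says triggers the overrun.
    suspect = ImageMeta(width=640, height=480, bands=4, interpretation="multiband")
    print("safe:", is_safe_for_heifsave(suspect))
    print("overrun per row (bytes):", overflow_bytes_per_row(suspect))
    fixed = normalise_for_heifsave(suspect)
    print("after normalisation:", fixed, "safe:", is_safe_for_heifsave(fixed))
```

In a pipeline that accepts user-supplied TIFFs, run the check on every image before the HEIF save step and log rejected or normalised inputs; the logged band count and interpretation are the signal that distinguishes this input shape from ordinary RGBA uploads.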

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to a crash of the libvips process.

Reproduction

The vulnerability can be reproduced by using a crafted TIFF image that has four channels and is interpreted as 'multiband'. When this image is processed with the HEIF save operation, the vulnerability is triggered, causing a heap buffer overflow.

Remediation

Users should upgrade to libvips version 8.16.1 or later. Debian 11 users should upgrade to version 8.10.5-2+deb11u1.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 1.3
exploitability: 4.6
remediation: 8.3
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.