CVE-2023-49463
CVE Details
Visit the official vulnerability details page for CVE-2023-49463 to learn more.
Initial Publication
01/20/2025
Last Update
03/24/2025
Third Party Dependency
libheif1
NIST CVE Summary
libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.
CVE Severity
Our Official Summary
This vulnerabiity is not a security issue as per the vendors. This issue causes segmentation violation via the function find_exif_tag at /libheif/exif.cc. This issue is of low risk as containers where this is reported are not accessible without privileged access. Impact of exploitation is also low since the attack surface is restricted to containers and they do not allow execution of arbitraty code.
Status
Ongoing
Affected Products & Versions
| Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
|---|---|---|---|---|
| 4.6.13 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.12 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.7 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.6.6 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.21 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
| 4.5.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
| Date | Revision |
|---|---|
| 03/24/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12, 4.6.13 |
| 03/18/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8, 4.6.12 |
| 03/13/2025 | Status changed from Open to Ongoing |
| 03/13/2025 | Official summary added |
| 03/01/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7, 4.6.8 |
| 02/21/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22, 4.6.6 to 4.5.20, 4.5.21, 4.5.22, 4.6.6, 4.6.7 |
| 02/17/2025 | Impacted versions changed from 4.5.20, 4.5.21, 4.5.22 to 4.5.20, 4.5.21, 4.5.22, 4.6.6 |
| 02/14/2025 | Impacted versions changed from 4.5.20, 4.5.21 to 4.5.20, 4.5.21, 4.5.22 |
| 02/05/2025 | Impacted versions changed from 4.5.20 to 4.5.20, 4.5.21 |