x/vulndb: potential Go vuln in github.com/strukturag/libheif: CVE-2023-49463

[GoVulnBot]

CVE-2023-49463 references github.com/strukturag/libheif, which may be a Go module.

Description: libheif v1.17.5 was discovered to contain a segmentation violation via the function find_exif_tag at /libheif/exif.cc.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-49463
• JSON: https://github.com/CVEProject/cvelist/tree/ffb433edbdb3ff71ec919459be0f928b457fcab1/2023/49xxx/CVE-2023-49463.json
• report: https://github.com/strukturag/libheif/issues/1042
• web: https://github.com/strukturag/libheif
• Imported by: https://pkg.go.dev/github.com/strukturag/libheif?tab=importedby

Cross references:

• Module github.com/strukturag/libheif appears in issue #1594 NOT_GO_CODE
• Module github.com/strukturag/libheif appears in issue #1822 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/strukturag/libheif
      vulnerable_at: 1.17.5
      packages:
        - package: n/a
cves:
    - CVE-2023-49463
references:
    - report: https://github.com/strukturag/libheif/issues/1042
    - web: https://github.com/strukturag/libheif

[gopherbot]

Change https://go.dev/cl/547979 mentions this issue: data/excluded: batch add 11 excluded reports