x/vulndb: potential Go vuln in github.com/strukturag/libheif: GHSA-22fx-6r9m-r8h9

[GoVulnBot]

In GitHub Security Advisory GHSA-22fx-6r9m-r8h9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/strukturag/libheif	1.15.2	< 1.15.2

Cross references:

• Module github.com/strukturag/libheif appears in issue x/vulndb: potential Go vuln in github.com/strukturag/libheif: CVE-2023-0996 #1594 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/strukturag/libheif
      versions:
        - fixed: 1.15.2
      packages:
        - package: github.com/strukturag/libheif
summary: libheif vulnerable to segmentation fault via floating point exception
description: A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service.
cves:
    - CVE-2023-29659
ghsas:
    - GHSA-22fx-6r9m-r8h9
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2023-29659
    - report: https://github.com/strukturag/libheif/issues/794
    - fix: https://github.com/strukturag/libheif/commit/e05e15b57a38ec411cb9acb38512a1c36ff62991
    - web: https://lists.fedoraproject.org/archives/list/[email protected]/message/CKAE6NQBA3Q7GS6VTNDZRZZZVPPEFUEZ/
    - web: https://lists.fedoraproject.org/archives/list/[email protected]/message/LGKHDCS4HRZE3UGXYYDYPTIPNIBRLQ5L/
    - advisory: https://github.com/advisories/GHSA-22fx-6r9m-r8h9

[gopherbot]

Change https://go.dev/cl/501842 mentions this issue: data/excluded: batch add 15 excluded reports