Critical severity9.8NVD Advisory· Published May 21, 2021· Updated Jun 17, 2026
CVE-2020-36328
CVE-2020-36328
Description
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
19- osv-coords18 versionspkg:rpm/opensuse/libwebp&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/libwebp&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP2pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2pkg:rpm/suse/libwebp&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Proxy%204.0pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.0pkg:rpm/suse/libwebp&distro=SUSE%20Manager%20Server%204.0
< 0.5.0-3.5.1+ 17 more
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
- (no CPE)range: < 0.5.0-3.5.1
Patches
Vulnerability mechanics
References
7- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchRelease NotesThird Party Advisory
- seclists.org/fulldisclosure/2021/Jul/54nvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/06/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/06/msg00006.htmlnvdMailing ListThird Party Advisory
- security.netapp.com/advisory/ntap-20211112-0001/nvdThird Party Advisory
- support.apple.com/kb/HT212601nvdThird Party Advisory
- www.debian.org/security/2021/dsa-4930nvdThird Party Advisory
News mentions
0No linked articles in our index yet.