VYPR
Medium severity5.3NVD Advisory· Published Jun 20, 2023· Updated Jun 17, 2026

CVE-2023-1999

CVE-2023-1999

Description

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

29

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.