rpm package
almalinux/libwebp-devel
pkg:rpm/almalinux/libwebp-devel
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4863 | — | KEV | < 1.2.0-7.el9_2 | 1.2.0-7.el9_2 | Sep 12, 2023 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2023-1999 | — | < 1.0.0-8.el8_7 | 1.0.0-8.el8_7 | Jun 20, 2023 | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti | ||
| CVE-2018-25014 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | ||
| CVE-2018-25013 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||
| CVE-2018-25012 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||
| CVE-2018-25010 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||
| CVE-2018-25009 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||
| CVE-2020-36332 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | ||
| CVE-2020-36331 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36330 | — | < 1.0.0-5.el8 | 1.0.0-5.el8 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. |
- affected < 1.2.0-7.el9_2fixed 1.2.0-7.el9_2
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-1999Jun 20, 2023affected < 1.0.0-8.el8_7fixed 1.0.0-8.el8_7
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti
- CVE-2018-25014May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
- CVE-2018-25013May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
- CVE-2018-25012May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
- CVE-2018-25010May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
- CVE-2018-25009May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
- CVE-2020-36332May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
- CVE-2020-36331May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- CVE-2020-36330May 21, 2021affected < 1.0.0-5.el8fixed 1.0.0-5.el8
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.