rpm package
suse/libwebp&distro=HPE Helion OpenStack 8
pkg:rpm/suse/libwebp&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4863 | Hig | 8.8 | KEV | < 0.4.3-4.15.1 | 0.4.3-4.15.1 | Sep 12, 2023 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) |
| CVE-2023-1999 | Med | 5.3 | < 0.4.3-4.10.1 | 0.4.3-4.10.1 | Jun 20, 2023 | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti | |
| CVE-2020-36332 | Hig | 7.5 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | |
| CVE-2020-36331 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |
| CVE-2020-36330 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | |
| CVE-2020-36329 | Cri | 9.8 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |
| CVE-2018-25013 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | |
| CVE-2018-25012 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | |
| CVE-2018-25011 | Cri | 9.8 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | |
| CVE-2018-25010 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | |
| CVE-2018-25009 | Cri | 9.1 | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). |
- affected < 0.4.3-4.15.1fixed 0.4.3-4.15.1
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- affected < 0.4.3-4.10.1fixed 0.4.3-4.10.1
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
- affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().