rpm package
suse/libwebp&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (9)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-25013 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||
| CVE-2018-25012 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||
| CVE-2018-25011 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||
| CVE-2018-25010 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||
| CVE-2018-25009 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||
| CVE-2020-36332 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | ||
| CVE-2020-36331 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36330 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36329 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
- CVE-2018-25013May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
- CVE-2018-25012May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
- CVE-2018-25011May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
- CVE-2018-25010May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
- CVE-2018-25009May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
- CVE-2020-36332May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
- CVE-2020-36331May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- CVE-2020-36330May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- CVE-2020-36329May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.