rpm package
suse/libwebp&distro=SUSE OpenStack Cloud 9
pkg:rpm/suse/libwebp&distro=SUSE%20OpenStack%20Cloud%209
Vulnerabilities (11)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4863 | — | KEV | < 0.4.3-4.15.1 | 0.4.3-4.15.1 | Sep 12, 2023 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2023-1999 | — | < 0.4.3-4.10.1 | 0.4.3-4.10.1 | Jun 20, 2023 | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti | ||
| CVE-2018-25013 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | ||
| CVE-2018-25012 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | ||
| CVE-2018-25011 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | ||
| CVE-2018-25010 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | ||
| CVE-2018-25009 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | ||
| CVE-2020-36332 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | ||
| CVE-2020-36331 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36330 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. | ||
| CVE-2020-36329 | — | < 0.4.3-4.7.1 | 0.4.3-4.7.1 | May 21, 2021 | A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. |
- affected < 0.4.3-4.15.1fixed 0.4.3-4.15.1
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
- CVE-2023-1999Jun 20, 2023affected < 0.4.3-4.10.1fixed 0.4.3-4.10.1
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is sti
- CVE-2018-25013May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
- CVE-2018-25012May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
- CVE-2018-25011May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
- CVE-2018-25010May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
- CVE-2018-25009May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
- CVE-2020-36332May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
- CVE-2020-36331May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- CVE-2020-36330May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
- CVE-2020-36329May 21, 2021affected < 0.4.3-4.7.1fixed 0.4.3-4.7.1
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.