Action not permitted
Modal body text goes here.
Modal Title
Modal Body
alsa-2021:4231
Vulnerability from osv_almalinux
Published
2021-11-09 08:47
Modified
2021-11-12 10:20
Summary
Moderate: libwebp security update
Details
The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.
Security Fix(es):
-
libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)
-
libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)
-
libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)
-
libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)
-
libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)
-
libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)
-
libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)
-
libwebp: excessive memory allocation when reading a file (CVE-2020-36332)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
{
"affected": [
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "AlmaLinux:8",
"name": "libwebp-devel"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.0.0-5.el8"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"details": "The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.\n\nSecurity Fix(es):\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal (CVE-2018-25009)\n\n* libwebp: out-of-bounds read in ApplyFilter() (CVE-2018-25010)\n\n* libwebp: out-of-bounds read in WebPMuxCreateInternal() (CVE-2018-25012)\n\n* libwebp: out-of-bounds read in ShiftBytes() (CVE-2018-25013)\n\n* libwebp: use of uninitialized value in ReadSymbol() (CVE-2018-25014)\n\n* libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c (CVE-2020-36330)\n\n* libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c (CVE-2020-36331)\n\n* libwebp: excessive memory allocation when reading a file (CVE-2020-36332)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.",
"id": "ALSA-2021:4231",
"modified": "2021-11-12T10:20:56Z",
"published": "2021-11-09T08:47:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://errata.almalinux.org/8/ALSA-2021-4231.html"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25009"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25010"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25012"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25013"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2018-25014"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36330"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36331"
},
{
"type": "REPORT",
"url": "https://vulners.com/cve/CVE-2020-36332"
}
],
"related": [
"CVE-2018-25009",
"CVE-2018-25010",
"CVE-2018-25012",
"CVE-2018-25013",
"CVE-2018-25014",
"CVE-2020-36330",
"CVE-2020-36331",
"CVE-2020-36332"
],
"summary": "Moderate: libwebp security update"
}
CVE-2018-25010 (GCVE-0-2018-25010)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:24 – Updated: 2024-08-05 12:26
VLAI?
EPSS
Summary
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.513Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:22:42.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956918"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25010",
"datePublished": "2021-05-21T16:24:23.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.513Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25012 (GCVE-0-2018-25012)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:26 – Updated: 2024-08-05 12:26
VLAI?
EPSS
Summary
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:23:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25012",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956922"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25012",
"datePublished": "2021-05-21T16:26:31.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25014 (GCVE-0-2018-25014)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:27 – Updated: 2024-08-05 12:26
VLAI?
EPSS
Summary
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.521Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-908",
"description": "CWE-908",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:23:22.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25014",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-908"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956927"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25014",
"datePublished": "2021-05-21T16:27:57.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36332 (GCVE-0-2020-36332)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:21 – Updated: 2024-08-04 17:23
VLAI?
EPSS
Summary
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Severity ?
No CVSS data available.
CWE
- CWE-20 - >CWE-400
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:10.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20-\u003eCWE-400",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-04T08:06:18.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36332",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20-\u003eCWE-400"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956868"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-36332",
"datePublished": "2021-05-21T16:21:29.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:10.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25009 (GCVE-0-2018-25009)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:22 – Updated: 2024-08-05 12:26
VLAI?
EPSS
Summary
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:22:28.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25009",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956917"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25009",
"datePublished": "2021-05-21T16:22:38.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-25013 (GCVE-0-2018-25013)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:27 – Updated: 2024-08-05 12:26
VLAI?
EPSS
Summary
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T12:26:39.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes()."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-05T15:23:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-25013",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956926"
},
{
"name": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417",
"refsource": "MISC",
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9417"
},
{
"name": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6",
"refsource": "MISC",
"url": "https://chromium.googlesource.com/webm/libwebp/+/907208f97ead639bd521cf355a2f203f462eade6"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-25013",
"datePublished": "2021-05-21T16:27:13.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T12:26:39.668Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36330 (GCVE-0-2020-36330)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:19 – Updated: 2024-08-04 17:23
VLAI?
EPSS
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:10.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-04T08:06:20.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36330",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956853"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://support.apple.com/kb/HT212601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211104-0004/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211104-0004/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-36330",
"datePublished": "2021-05-21T16:19:44.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:10.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-36331 (GCVE-0-2020-36331)
Vulnerability from cvelistv5 – Published: 2021-05-21 16:20 – Updated: 2024-08-04 17:23
VLAI?
EPSS
Summary
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T17:23:10.465Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "libwebp",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "libwebp 1.0.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-11-12T08:06:33.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-36331",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "libwebp",
"version": {
"version_data": [
{
"version_value": "libwebp 1.0.1"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956856"
},
{
"name": "[debian-lts-announce] 20210605 [SECURITY] [DLA 2672-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html"
},
{
"name": "[debian-lts-announce] 20210606 [SECURITY] [DLA 2677-1] libwebp security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html"
},
{
"name": "DSA-4930",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4930"
},
{
"name": "https://support.apple.com/kb/HT212601",
"refsource": "CONFIRM",
"url": "https://support.apple.com/kb/HT212601"
},
{
"name": "20210723 APPLE-SA-2021-07-21-1 iOS 14.7 and iPadOS 14.7",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Jul/54"
},
{
"name": "https://security.netapp.com/advisory/ntap-20211112-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20211112-0001/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-36331",
"datePublished": "2021-05-21T16:20:33.000Z",
"dateReserved": "2021-05-04T00:00:00.000Z",
"dateUpdated": "2024-08-04T17:23:10.465Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…