libwebp: Fix of 6 CVEs

🗓️ 05 May 2026 23:41:05Reported by CloudLinuxType

cloudlinux

cloudlinux🔗 repo.cloudlinux.com👁 5 Views

libwebp fixes six CVEs by validating VP8X, limiting filter radius, rejecting chunks, and syncing threads.

Reporter	Title	Published	Views	Family All 376
IBM Security Bulletins	Security Bulletin: Cloud Pak for Security uses packages that are vulnerable to several CVEs	19 Oct 202115:38	–	ibm
IBM Security Bulletins	Security Bulletin: Spoofing vulnerability affect IBM Business Automation Workflow - Process Federation Server component - CVE-2018-25013	6 Sep 202216:18	–	ibm
Tenable Nessus	Amazon Linux 2 : libwebp (ALAS-2021-1676)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : qt5-qtimageformats (ALAS-2021-1679)	1 Jul 202100:00	–	nessus
Tenable Nessus	Amazon Linux 2 : libwebp (ALAS-2023-2048)	17 May 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libwebp (ALAS-2023-1748)	24 May 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0038: libwebp (ALINUX3-SA-2021:0038)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : libwebp (ALSA-2021:4231)	9 Feb 202200:00	–	nessus
Tenable Nessus	Apple iOS < 14.7 Multiple Vulnerabilities (HT212601)	23 Jul 202100:00	–	nessus
Tenable Nessus	CentOS 8 : libwebp (CESA-2021:2354)	16 Jun 202100:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Centos	6	i686	libwebp	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	libwebp	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm
Centos	6	i686	libwebp-devel	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	libwebp-devel	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	libwebp-java	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm
Centos	6	x86_64	libwebp-tools	0.4.3	libwebp-0.4.3-3.el6.tuxcare.els4.src.rpm

05 May 2026 23:41Current

7.5High risk

Vulners AI Score7.5

CVSS 27.5

CVSS 3.19.8

EPSS0.00575

vp8x validation filter radius limit image chunk rejection thread synchronization decoder readiness read symbol validation