CVSS3: 8.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score: 9.3 High
Confidence: High

CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.41 Medium
Percentile: 96.9%

WebP is an image format developed by Google that supports lossy and lossless compression of web images; its compression performance and speed have certain advantages over the PNG and JPEG formats. libwebp is an open-source C/C++ library that implements encoding and decoding of the WebP image format. It provides functions and a set of tools to encode image data into WebP and to decode WebP images, and it can be used as a dependency to add WebP support to other programs. libwebp is widely used in container images, frameworks, browsers, Linux operating systems and applications.

libwebp contains a remote code execution vulnerability. When the BuildHuffmanTable function uses the Huffman algorithm to decode WebP images, it lacks necessary input validation, which results in an out-of-bounds memory write. An unauthenticated attacker can create a malicious page or file and induce a user to open it, triggering the out-of-bounds write to achieve remote arbitrary code execution or unauthorized access to sensitive information on the target device. Under certain environmental conditions the vulnerability can be exploited as a 0-click.

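The description attributes the flaw to missing input validation while building Huffman tables. As an added illustration (not libwebp's code or its patch, and not part of the original page), this C sketch validates a set of code lengths and the output buffer size before any table entry is written; `MAX_LEN`, `Entry`, `complete_code_max_len`, `build_table` and the single-level table layout are assumptions of the sketch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#define MAX_LEN 15 /* assumption: longest code length this sketch accepts */

typedef struct { uint8_t bits; uint16_t symbol; } Entry; /* hypothetical layout */

/* Returns the longest code length if `lens` is a complete prefix code
 * (Kraft sum exactly 1), else 0. Over-subscribed and incomplete sets are
 * both rejected; a format allowing one-symbol codes needs its own case. */
int complete_code_max_len(const uint8_t *lens, size_t n) {
    uint64_t kraft = 0;
    int max_len = 0;
    if (lens == NULL || n == 0 || n > 65536) return 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > MAX_LEN) return 0;
        if (lens[i] == 0) continue; /* symbol not used */
        kraft += (uint64_t)1 << (MAX_LEN - lens[i]);
        if (lens[i] > max_len) max_len = lens[i];
    }
    return kraft == ((uint64_t)1 << MAX_LEN) ? max_len : 0;
}

/* Validates first, then fills a single-level lookup table indexed by the next
 * max_len bits (MSB-first canonical codes). Returns entries written, or 0
 * without touching `table` when the lengths or the capacity are unacceptable. */
size_t build_table(const uint8_t *lens, size_t n, Entry *table, size_t cap) {
    int max_len = complete_code_max_len(lens, n);
    size_t pos = 0, need = (size_t)1 << max_len;
    /* the size derived from untrusted input is checked against the buffer */
    if (max_len == 0 || table == NULL || need > cap) return 0;
    for (int l = 1; l <= max_len; l++)
        for (size_t s = 0; s < n; s++) {
            if (lens[s] != l) continue;
            for (size_t k = (size_t)1 << (max_len - l); k > 0; k--)
                table[pos++] = (Entry){(uint8_t)l, (uint16_t)s};
        }
    return pos; /* equals `need` because the code is complete */
}

int main(void) {
    const uint8_t good[] = {1, 2, 3, 3}, bad[] = {1, 2, 3}; /* constructed inputs */
    Entry table[8];
    printf("complete: %zu entries\n", build_table(good, 4, table, 8));
    printf("incomplete: %zu entries\n", build_table(bad, 3, table, 8));
    return 0;
}
```
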
CPE

Name | Operator | Version |
---|---|---|
google libwebp | lt | 1.3.2 |