Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-1999HistoryJun 20, 2023 - 12:15 p.m.
CVE-2023-1999
2023-06-2012:15:09
Debian Security Bug Tracker
security-tracker.debian.org
10
There exists a use after free/double free in libwebp. An attacker can use theย ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 999 | all | firefox | <ย 112.0-1 | firefox_112.0-1_all.deb |
| Debian | 12 | all | firefox-esr | <ย 102.10.0esr-1 | firefox-esr_102.10.0esr-1_all.deb |
| Debian | 11 | all | firefox-esr | <ย 102.10.0esr-1~deb11u1 | firefox-esr_102.10.0esr-1~deb11u1_all.deb |
| Debian | 10 | all | firefox-esr | <ย 102.10.0esr-1~deb10u1 | firefox-esr_102.10.0esr-1~deb10u1_all.deb |
| Debian | 999 | all | firefox-esr | <ย 102.10.0esr-1 | firefox-esr_102.10.0esr-1_all.deb |
| Debian | 13 | all | firefox-esr | <ย 102.10.0esr-1 | firefox-esr_102.10.0esr-1_all.deb |
| Debian | 12 | all | libwebp | <ย 1.2.4-0.2 | libwebp_1.2.4-0.2_all.deb |
| Debian | 11 | all | libwebp | <ย 0.6.1-2.1+deb11u1 | libwebp_0.6.1-2.1+deb11u1_all.deb |
| Debian | 10 | all | libwebp | <ย 0.6.1-2+deb10u2 | libwebp_0.6.1-2+deb10u2_all.deb |
| Debian | 999 | all | libwebp | <ย 1.2.4-0.2 | libwebp_1.2.4-0.2_all.deb |
Related
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libwebp (SUSE-SU-2023:2490-1)
2023-06-14 00:00:00
EulerOS Virtualization 3.0.6.6 : libwebp (EulerOS-SA-2023-3402)
2024-01-16 00:00:00
EulerOS 2.0 SP11 : libwebp (EulerOS-SA-2023-2695)
2024-01-16 00:00:00
oraclelinux
oraclelinux
libwebp security update
2023-05-02 00:00:00
libwebp security update
2023-05-02 00:00:00
libwebp security update
2023-05-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2023-3402)
2023-12-14 00:00:00
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2023-2543)
2023-08-03 00:00:00
Huawei EulerOS: Security Advisory for libwebp (EulerOS-SA-2023-2385)
2023-07-17 00:00:00
redhat
redhat
(RHSA-2023:2075) Important: libwebp security update
2023-05-02 07:19:40
(RHSA-2023:2073) Important: libwebp security update
2023-05-02 06:53:01
(RHSA-2023:2072) Important: libwebp security update
2023-05-02 06:42:08
ubuntu
ubuntu
libwebp vulnerability
2023-07-18 00:00:00
libwebp vulnerability
2023-05-16 00:00:00
alpinelinux
alpinelinux
CVE-2023-1999
2023-06-20 12:15:09
osv
osv
Important: libwebp security update
2023-05-02 00:00:00
Important: libwebp security update
2023-05-25 20:21:42
Important: libwebp security update
2023-05-02 00:00:00
centos
centos
libwebp security update
2023-07-27 14:42:41
firefox security update
2023-04-24 17:46:00
thunderbird security update
2023-04-24 14:49:28
almalinux
almalinux
Important: libwebp security update
2023-05-02 00:00:00
Important: libwebp security update
2023-05-02 00:00:00
rocky
rocky
libwebp security update
2023-05-25 20:21:42
libwebp security update
2023-05-05 15:41:17
mscve
mscve
Chromium: CVE-2023-1999 Use after free in libwebp
2023-09-29 16:24:23
rosalinux
rosalinux
Advisory ROSA-SA-2024-2358
2024-02-20 10:32:20
Advisory ROSA-SA-2023-2184
2023-07-11 11:09:54
cve
cve
CVE-2023-1999
2023-06-20 12:15:09
ubuntucve
ubuntucve
CVE-2023-1999
2023-05-08 00:00:00
debian
debian
[SECURITY] [DLA 3439-1] libwebp security update
2023-05-31 14:32:57
[SECURITY] [DSA 5408-1] libwebp security update
2023-05-21 18:08:42
cloudlinux
cloudlinux
libwebp: Fix of CVE-2023-1999
2023-10-12 18:41:30
redhatcve
redhatcve
CVE-2023-1999
2023-04-28 09:51:35
prion
prion
Double free
2023-06-20 12:15:00
cloudfoundry
cloudfoundry
USN-6078-1: libwebp vulnerability | Cloud Foundry
2023-05-25 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-1999 affecting package libwebp for versions less than 1.3.2-1
2023-10-04 16:53:46
cvelist
cvelist
CVE-2023-1999 Use after free in libwebp
2023-06-20 11:28:52
veracode
veracode
Double-Free
2023-06-04 19:09:20
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0061
2023-07-29 00:00:00
Important Photon OS Security Update - PHSA-2023-3.0-0626
2023-08-03 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0441
2023-07-30 00:00:00
gentoo
gentoo
WebP: Multiple vulnerabilities
2023-09-17 00:00:00
Mozilla Thunderbird: Multiple Vulnerabilities
2023-05-30 00:00:00
Mozilla Firefox: Multiple Vulnerabilities
2023-05-30 00:00:00
kaspersky
kaspersky
KLA61043 Multiple vulnerabilities in Microsoft Browser
2023-09-29 00:00:00
KLA48841 Multiple vulnerabilities in Mozilla Firefox ESR
2023-04-11 00:00:00
KLA48840 Multiple vulnerabilities in Mozilla Thunderbird
2023-04-11 00:00:00
amazon
amazon
Important: thunderbird
2023-04-27 18:37:00
mozilla
mozilla
ibm
ibm
hp
hp
HP ThinPro 8.0 SP 7 Security Updates
2024-01-26 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00