Lucene search

K
rosalinux
ROSA LABROSA-SA-2023-2183
HistoryJul 11, 2023 - 11:03 a.m.

Advisory ROSA-SA-2023-2183

2023-07-1111:03:27
ROSA LAB
abf.rosalinux.ru
5

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.5%

Software: libwebp 1.0.0
OS: ROSA Virtualization 2.1

package_evr_string: libwebp-1.0.0.0-8.rv3.src.rpm

CVE-ID: CVE-2018-25009
BDU-ID: 2021-03097
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information by creating a specially crafted file
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2018-25010
BDU-ID: 2021-03098
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2018-25011
BDU-ID: 2021-03099
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to a buffer overflow in the “heap”. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2018-25012
BDU-ID: 2021-03102
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2018-25013
BDU-ID: 2021-03103
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to reading beyond buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to sensitive information by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

CVE-ID: CVE-2018-25014
BDU-ID: 2021-03106
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to the use of an uninitialized variable. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update libwebp command.

CVE-ID: CVE-2020-36328
BDU-ID: 2021-03100
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the libwebp library for WebP image encoding and decoding is related to a buffer overflow in the “heap”. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by creating a specially crafted file
CVE-STATUS: Fixed
CVE-REV: To close, run the yum update libwebp command

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchlibwebp< 1.0.0UNKNOWN
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.5%

Related for ROSA-SA-2023-2183