Software: libwebp 1.2.3
OS: ROSA-CHROME
package_evr_string: libwebp-1.2.3-1.src.rpm
CVE-ID: CVE-2023-1999
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: There is a use after free/double free in libwebp. An attacker could use ApplyFiltersAndEncode() to free best.bw and assign the pointer best = Trial. The second loop iteration then returns 0 because of a “Not enough memory” error in the VP8 encoder while the pointer is still assigned to Trial, and AddressSanitizer will attempt a double free.
CVE-STATUS: Fixed
CVE-REV: To close the vulnerability, run the command: sudo dnf update libwebp