OSV-2024-1356 Heap-buffer-overflow in ChunkAssignData

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=382816119 Crash type: Heap-buffer-overflow READ 1 Crash state: ChunkAssignData WebPMuxCreateInternal MuxDemuxApiTest...

Medium: libwebp

Issue Overview: A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. CVE-2020-36330 A flaw was found in libwebp in versions...

SUSE CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0091)

The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple vulnerabilities: - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16. CVE-2018-25009 - A heap-based buffer overflow was found in libwebp in...

Out-of-bounds Read

Libwebp is vulnerable to Out-of-bounds Read. The vulnerability exists in the ChunkAssignData In Mux/muxinternal.c, allowing an attacker to read memory values its leads to information disclosure...

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

...

DEBIAN-CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

CVE-2020-36331

A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

CVE-2020-36331

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability...

PT-2020-6124 · Google +9 · Libwebp +9

Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1 Description: A flaw was found in libwebp, related to an out-of-bounds read in the ChunkAssignData function. This issue poses a threat to data confidentiality and service availability. Exploitation of this flaw...