Astra Linux - уязвимость в libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. When reading a file, libwebp allocates an excessive amount of memory. The greatest threat posed by this vulnerability is related to service availability...

Astra Linux - уязвимость в libwebp

A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the GetLE24 function...

Astra Linux - уязвимость в libwebp

An use of an uninitialized value was found in libwebp in versions before 1.0.1 in the ReadSymbol function...

Exploit for Out-of-bounds Write in Google Chrome

CVE-2023-4863 — Laboratorio de explotación de libwebp Reprodu...

CLSA-2026-1777973188 libwebp: Fix of 6 CVEs

CVE-2018-25009: fix out-of-bounds read in GetLE16 by validating VP8X chunk size - CVE-2018-25010: fix heap-based buffer overflow in ApplyFilter by limiting filter radius to image dimensions - CVE-2018-25011: fix heap-based buffer overflow in PutLE16 by rejecting multiple image chunks in ANMF...

JLSEC-2026-441

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...

JLSEC-2026-440

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...

Astra Linux - уязвимость в libwebp

A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1, specifically in the PutLE16 function...

Astra Linux - уязвимость в libwebp

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16...

Astra Linux - уязвимость в libwebp

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

Astra Linux - уязвимость в libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. A use-after-free vulnerability was identified due to a thread being terminated prematurely. The greatest threat posed by this vulnerability is related to data confidentiality and integrity, as well as system availability...

Astra Linux - уязвимость в firefox, thunderbird, chromium, libwebp

A heap buffer overflow in libwebp in Google Chrome prior to version 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. Chromium security severity: Critical...

Astra Linux - уязвимость в firefox, libwebp, thunderbird

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free the best.bw file, assigning the best pointer to trial. The second loop will then return 0 due to a memory out-of-memory error in the VP8 encoder; the pointer remai...

Astra Linux - уязвимость в libwebp

A flaw was discovered in libwebp in versions prior to 1.0.1. An out-of-bounds read was identified in the ChunkVerifyAndAssign function. The greatest threat posed by this vulnerability is related to data confidentiality and service availability...

Astra Linux - уязвимость в libwebp

A heap-based buffer overflow was discovered in libwebp in versions prior to 1.0.1 in the ApplyFilter function...

CLSA-2026-1776421961 libwebp: Fix of 2 CVEs

CVE-2018-25013, CVE-2018-25014: wait for all threads to be done in DecodeRemaining, make sure partition 0 is read before VP8 data...

NewStart CGSL MAIN 6.06 (SP) : libwebp Vulnerability (NS-SA-2026-0031)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has libwebp packages installed that are affected by a vulnerability: - Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a...

MiracleLinux 7 : libwebp-0.3.0-11.el7 (AXSA:2023-5320:01)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-5320:01 advisory. Mozilla: libwebp: Double-free in libwebp CVE-2023-1999 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 8 : firefox-102.10.0-1.el8.ML.1 (AXSA:2023-5298:15)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2023-5298:15 advisory. MFSA-TMP-2023-0001 Mozilla: Double-free in libwebp Mozilla: Fullscreen notification obscured CVE-2023-29533 Mozilla: Potential Memory Corruption...

MiracleLinux 7 : qt5-qtimageformats-5.9.7-2.el7 (AXSA:2021-1846:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-1846:01 advisory. libwebp: heap-based buffer overflow in PutLE16 CVE-2018-25011 libwebp: use of uninitialized value in ReadSymbol CVE-2018-25014 libwebp: heap-based...