59 matches found
sharp vulnerability in libwebp dependency CVE-2023-4863
Overview sharp uses libwebp to decode WebP images and versions prior to the latest 0.32.6 are vulnerable to the high severity https://github.com/advisories/GHSA-j7hp-h8jx-5ppr. Who does this affect? Almost anyone processing untrusted input with versions of sharp prior to 0.32.6. How to resolve...
OPENSUSE-SU-2023:0278-1 Security update for seamonkey
This update for seamonkey fixes the following issues: update to SeaMonkey 2.53.17.1 Upstream libwebp security fix bug 1852749. CVE-2023-4863: Heap buffer overflow in libwebp bug 1852649. Fix bad string encoded in ansi. l10n fr problem only bug 1847887. SeaMonkey 2.53.17 uses the same backend as...
PYSEC-2023-181
opencv-contrib-python versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
PYSEC-2023-182
opencv-contrib-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-contrib-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
PYSEC-2023-184
opencv-python-headless versions before v4.8.1.78 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-4863. opencv-python-headless v4.8.1.78 upgrades the bundled libwebp binary to v1.3.2...
OESA-2023-1685 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop...
USN-6369-2 libwebp vulnerability
USN-6369-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted imag...
The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which involves reading beyond the buffer in memory, allows attackers to execute arbitrary code.
The vulnerability of the libwebp library for encoding and decoding WebP images involves reading beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code...
DEBIAN-CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...
CVE-2023-4863
Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical...
Heap-based Buffer Overflow
Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...
Ubuntu 16.04 ESM : libwebp vulnerability (USN-6078-2)
The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-6078-2 advisory. USN-6078-1 fixed a vulnerability in libwebp. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the preceding description...
AZL-27181 CVE-2023-1999 affecting package libwebp for versions less than 1.3.2-1
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...
DEBIAN-CVE-2023-1999
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to tria...
The vulnerability of theEncodeAlphaInternal() function in the libwebp library allows for manipulation of image encoding and decoding processes in the WebP format by browsers such as Mozilla Firefox, Firefox ESR, and the email client Thunderbird. This vulnerability enables a malicious actor to cause service interruptions.
The vulnerability of theEncodeAlphaInternal function in the libwebp library, which is used for encoding and decoding images in the WebP format for browsers such as Mozilla Firefox, Firefox ESR, and the Thunderbird email client, is related to a repeated memory release mechanism. Exploiting this...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 : libwebp vulnerability (USN-6078-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6078-1 advisory. Irvan Kurniawan discovered that libwebp incorrectly handled certain memory operations. If a user or automated system were tricked...
PT-2023-2930 · Google +9 · Libwebp +9
Name of the Vulnerable Software and Affected Versions: libwebp affected versions not specified Description: The issue is related to a use after free/double free in libwebp, which can be exploited by an attacker using the ApplyFiltersAndEncode function. This can lead to a denial of service. The...
ROS-2-2215
2.2215 Multiple vulnerabilities in libwebp 1. Vulnerability Description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
ROS-2-1834
2.1834 Multiple vulnerabilities in libwebp 1. Vulnerability description: CVE-2020-36332 A vulnerability in the libwebp library for encoding and decoding WebP images, is related to improper control of internal resource consumption. Exploitation of the vulnerability could allow an attacker acting...
The vulnerability of the libwebp library regarding the encoding and decoding of WebP images, which is related to buffer overflow in the “heap”, allows attackers to execute arbitrary code.
The vulnerability of the libwebp library for encoding and decoding WebP images is related to buffer overflow in the “bucket” mechanism. Exploiting this vulnerability could allow a remote attacker to execute arbitrary code by creating a specially crafted file...