A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

...

nodejs-npm-user-validate: improper input validation when validating user emails leads to ReDoS

This affects the package npm-user-validate before 1.0.1. The regex that validates user emails took exponentially longer to process long input strings beginning with @ characters...

PT-2018-3682 · Google +9 · Libwebp +9

Name of the Vulnerable Software and Affected Versions: libwebp versions prior to 1.0.1 Description: A heap-based buffer overflow was found in the GetLE24 function, which can be exploited by creating a specially crafted file, potentially allowing a remote attacker to access confidential informatio...