NewStart CGSL MAIN 6.02 : libwebp Multiple Vulnerabilities (NS-SA-2022-0091)

The remote NewStart CGSL host, running version MAIN 6.02, has libwebp packages installed that are affected by multiple vulnerabilities: - A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16. CVE-2018-25009 - A heap-based buffer overflow was found in libwebp in...

Out-of-bound Read

libwebp is vulnerable to Out-of-bound Read vulnerability. The vulnerability exists in the ShiftBytes function which allows a malicious attacker to read sensitive data in the system...

CVE-2018-25013

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...

CVE-2018-25013

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...

CVE-2018-25013

CVE-2018-25013 is a heap-based buffer overflow in libwebp’s ShiftBytes() found in versions before 1.0.1. The issue affects libwebp (WebP codec library) and can lead to memory corruption in image processing. Public references in multiple advisories confirm the vulnerability and recommend upgrading...

CVE-2018-25013

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...

CVE-2018-25013

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes...

libwebp/fuzz_advanced_api: Heap-use-after-free in ShiftBytes

Project: https://chromium.googlesource.com/webm/libwebp Detailed report: https://oss-fuzz.com/testcase?key=5638028289638400 Project: libwebp Fuzzer: libFuzzerlibwebpfuzzadvancedapi Fuzz target binary: fuzzadvancedapi Job Type: libfuzzerasanlibwebp Platform Id: linux Crash Type: Heap-use-after-fre...