17 matches found
Memory Allocation with Excessive Size Value
Overview: golang.org/x/image/webp is a package that implements a decoder for WEBP images. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value. An attacker can cause a crash by supplying a WEBP image with an invalid, very large declared size, triggering a...
amaryllis (=0.1.0), archivist (=0.0.1) +26 more potentially affected by unknown CVE via webp (>=0.1.3 <=0.2.6)
webp CARGO version =0.1.3, =0.1.0, =0.0.4-alpha, =0.24.6, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.21.0, =0.21.0, =0.21.0, =0.21.0, =0.22.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-9Q78-27F3-2JMH...
amaryllis (=0.1.0), archivist (=0.0.1) +26 more potentially affected by unknown CVE via webp (>=0.1.3 <=0.2.6)
webp CARGO version =0.1.3, =0.1.0, =0.0.4-alpha, =0.24.6, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.21.0, =0.21.0, =0.21.0, =0.21.0, =0.22.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0443...
Important: firefox
Issue Overview: Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. Chromium security severity: Critical. CVE-2023-4863. Affected Packages: firefox. Note: This advisory is applicable to Amaz...
mextractor (>=1.0.0 <=1.2.1), sticker-convert (>=2.0.4 <=2.1.5) +1 more potentially affected by unknown CVE via webp (>=0.1.8 <=0.2.0)
webp PYPI version =0.1.8, =1.0.0, =2.0.4, =0.1.0, =0.1.2 Source cves: unknown CVE Source advisory: OSV:GHSA-F9PM-4G9P-6VM3...
Pegasus spyware and how it exploited a WebP vulnerability
Recent events have demonstrated very clearly just how persistent and widespread the Pegasus spyware is. For those who have missed the subtle clues, we have tried to construct a clear picture. We attempted to follow the timeline of events, but have made some adjustments to keep the flow of the...
PT-2023-32977 · Google · Libwebp
Name of the Vulnerable Software and Affected Versions: libwebp (affected versions not specified). Description: A heap buffer overflow issue in libwebp allows a remote attacker to perform an out-of-bounds memory write via a crafted webp image. Recommendations: At the moment, there is no information...
libwebp: out-of-bounds write with a specially crafted WebP lossless file
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863...
GLSA-202309-05 : WebP: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202309-05 WebP: Multiple vulnerabilities - There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode function and loop through to free best.bw and assign best = trial pointer. The second...
USN-6369-1 libwebp vulnerability
It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary co...
html5-picture (>=0.0.4-alpha <=0.2.0), image-decompose (>=0.1.0 <=0.4.1) +1 more potentially affected by CVE-2023-4863 +1 more via webp (=0.1.3)
webp CARGO version =0.1.3 is affected by a known vulnerability. The following packages have a transitive dependency on webp and may be impacted: - html5-picture =0.0.4-alpha, =0.1.0, =0.4.1 - towebp =0.1.0 Source cves: CVE-2023-4863, CVE-2023-5129 Source advisory: OSV:GHSA-J7HP-H8JX-5PPR...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow when the ReadHuffmanCodes function is used. An attacker can craft a special WebP lossless file that triggers the ReadHuffmanCodes function to allocate the HuffmanCode buffer with a size that comes from an arra...
libwebp: out-of-bounds read in WebPMuxCreateInternal()
A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability...
ImageMagick Divide-by-Zero Vulnerability (CNVD-2021-23797)
ImageMagick is software for creating, editing, and composing images that can read, convert, and write images in many formats. A divide-by-zero vulnerability exists in coders/webp.c in versions prior to ImageMagick 7.0.10-62. An attacker can exploit this vulnerability via specially crafted files to...
A vulnerability in the WriteWEBPImage function (coders/webp.c) of GraphicsMagick, a cross-platform library for working with graphics, allows an attacker to execute arbitrary code.
The vulnerability in the WriteWEBPImage function (coders/webp.c) of GraphicsMagick, a cross-platform library for working with graphics, is a buffer overflow. Exploiting this vulnerability could allow an attacker to execute arbitrary code remotely...
CVE-2018-12648
The WEBP::GetLE32 function in XMPFiles/source/FormatSupport/WEBPSupport.hpp in Exempi 2.4.5 has a NULL pointer dereference...
Specially crafted WebP images can be used to disclose random chunks of memory – Opera Security Advisories
WebP images may be used as fill patterns in an HTML5 Canvas, and the values of each pixel in the image can then be intentionally read using scripts. Specially crafted WebP images may specify the wrong size for certain parts of their data, which causes Opera to read data from the wrong positions in...