CVE-2018-6406

CVE-2018-6406 affects libwebm: the ParseVP9SuperFrameIndex function in common/libwebm_util.cc does not validate child_frame_length from a .webm file, allowing remote attackers to cause information leaks or a denial of service via a heap-based buffer over-read and subsequent out-of-bounds write. T...

CVE-2018-6548

CVE-2018-6548 affects libwebm and describes a use-after-free in Vp9HeaderParser: if a Vp9HeaderParser was initialized before, frame_ could be freed while the pointer wasn’t updated, related to OutputCluster in webm_info.cc. Impact is use-after-free with potential memory corruption; in NVD/OSV ent...

CVE-2019-9746

CVE-2019-9746 affects libwebm prior to 2019-03-08, where a NULL pointer dereference in webm_info.cc (OutputCluster/OutputTracks) can trigger an abort and cause a DoS. The issue is related to (and similar to) CVE-2018-19212; Red Hat’s RH:CVE-2019-9746 entry also documents the same abort-based DoS ...

CVE-2018-19212

CVE-2018-19212 affects the libwebm project. The issue is an abort in libwebm::Webm2Pes::InitWebmParser() observed through 2018-10-03, which can cause a DoS by terminating the process. The primary impact is availability (partial) per CVSS and there are multiple Red Hat/Ubuntu/NVD entries confirmin...