15 matches found
CVE-2023-1999
AFFECTED SOFTWARE: libwebp library. VULNERABILITY: use-after-free/double-free in the VP8/ApplyFiltersAndEncode path. ROOT CAUSE: memory mismanagement leading to a double free when freeing best.bw and a trailing trial pointer, with AddressSanitizer detecting a double free. IMPACT: potential memory...
CVE-2023-4863
CVE-2023-4863 describes a heap buffer overflow in libwebp used by Google Chrome prior to 116.0.5845.187 and in libwebp 1.3.2. A remote attacker can cause an out-of-bounds memory write by presenting a crafted HTML page. The vulnerability is exploitable over the network and requires user interactio...
CVE-2020-36328
CVE-2020-36328 concerns a heap-based buffer overflow in libwebp where WebPDecodeRGBInto may overflow due to an invalid buffer-size check, impacting data confidentiality, integrity, and availability. It affects versions before 1.0.1; multiple connected advisories confirm the same root cause and ve...
CVE-2018-25013
CVE-2018-25013 is a heap-based buffer overflow in libwebp’s ShiftBytes() found in versions before 1.0.1. The issue affects libwebp (WebP codec library) and can lead to memory corruption in image processing. Public references in multiple advisories confirm the vulnerability and recommend upgrading...
CVE-2020-36330
CVE-2020-36330 describes an out-of-bounds read in libwebp prior to version 1.0.1, triggered in the ChunkVerifyAndAssign function. The documented impact is data confidentiality loss and reduced availability. Public references in the Connected documents corroborate the flaw in libwebp and align wit...
CVE-2020-36329
CVE-2020-36329 is a libwebp use-after-free vulnerability present in versions before 1.0.1, caused by a thread being killed too early. The impact can affect data confidentiality, integrity, and system availability. Remediation is via updates/patches provided by distributions; notable fixes include...
CVE-2018-25011
CVE-2018-25011 affects libwebp prior to 1.0.1. Root cause: heap-based buffer overflow in PutLE16() that can affect data confidentiality, integrity, and availability. Documentation indicates a patch/update to version 1.0.1 or later; downstream advisories reference this fix in various Linux distrib...
CVE-2018-25012
CVE-2018-25012 : A heap-based buffer overflow is present in libwebp’s GetLE24() in versions prior to 1.0.1. Affected component: libwebp library. Remediation: upgrade to libwebp 1.0.1 or newer (various advisories note this patch). Note: connected documents corroborate the issue across multiple ven...
CVE-2020-36332
CVE-2020-36332 affects the libwebp library (versions before 1.0.1). The issue is an excessive memory allocation when reading a file, as described across multiple connected advisories (e.g., AlmaLinux, Debian DSA, CNVD). Impact is primarily availability-related (denial of service potential). Affec...
CVE-2018-25009
CVE-2018-25009 is a heap-based buffer overflow in libwebp GetLE16() affecting versions before 1.0.1. The issue can lead to memory corruption with potential impact on confidentiality/availability. Mitigation: upgrade libwebp to 1.0.1 or later; several advisories document this fix across distributi...
CVE-2020-36331
CVE-2020-36331 affects libwebp prior to 1.0.1, with an out-of-bounds read in the ChunkAssignData path (mux/muxinternal.c). The vulnerability impacts data confidentiality and availability. Public documents confirm the root cause as out-of-bounds read in the specified function, and multiple advisor...
CVE-2018-25010
CVE-2018-25010 affects libwebp; a heap-based buffer overflow occurs in ApplyFilter() in versions before 1.0.1. Public documents consistently describe an out-of-bounds condition in libwebp that can crash the library and potentially enable arbitrary code execution. Affected advisories and vendor bu...
CVE-2018-25014
CVE-2018-25014 affects the libwebp library: a use of an uninitialized value is present in ReadSymbol() in versions before 1.0.1. The issue is documented across multiple advisories (e.g., ALAS2/AlmaLinux notices) and is associated with libwebp data integrity/confidentiality/availability risks. A f...
CVE-2016-9969
CVE-2016-9969 is a memory-management vulnerability in libwebp 0.5.1, specifically a double free in libwebpmux. Red Hat and SUSE advisories and other vendor/NVD records consistently reference a double-free issue (e.g., SetFrame() path noted by SUSE). Public details across connected documents confi...
CVE-2016-9085
CVE-2016-9085 corresponds to multiple integer overflows in libwebp, affecting the WebP image library (notably the gif2webp tool). The provided connected documents corroborate this vulnerability as involving libwebp with unspecified impact via unknown vectors; no exploit details are included in th...