Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-1999

Опубликовано: 20 июн. 2023
Источник: debian
EPSS Низкий

Описание

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
firefoxfixed112.0-1package
firefox-esrfixed102.10.0esr-1package
thunderbirdfixed1:102.10.0-1package
libwebpfixed1.2.4-0.2package

Примечания

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-13/#CVE-2023-1999

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-14/#CVE-2023-1999

  • https://www.mozilla.org/en-US/security/advisories/mfsa2023-15/#CVE-2023-1999

  • https://bugzilla.mozilla.org/show_bug.cgi?id=1819244 (not public)

  • https://hg.mozilla.org/releases/mozilla-esr102/rev/53b805c752ff23080e100eda2b3b4280d4370b2e

  • https://chromium.googlesource.com/webm/libwebp/+/4654e1e7381044717d5d3e0dd7e735633a3ff300 (1.3.0)

  • Fixed by: https://github.com/webmproject/libwebp/commit/a486d800b60d0af4cc0836bf7ed8f21e12974129 (v1.3.1-rc1)

  • Introduced by: https://github.com/webmproject/libwebp/commit/187d379db68839f76d1390be291c471f2f66644c (v0.5.0-rc1)

  • Introduced by: https://github.com/webmproject/libwebp/commit/5692eae1f3efd8b7b47398a9f5d74f1dc6f64e7f (backport; v0.4.2-rc2)

EPSS

Процентиль: 58%
0.00368
Низкий

Связанные уязвимости

CVSS3: 5.3
ubuntu
около 2 лет назад

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

CVSS3: 7.5
redhat
больше 2 лет назад

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

CVSS3: 5.3
nvd
около 2 лет назад

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

msrc
почти 2 года назад

Chromium: CVE-2023-1999 Use after free in libwebp

suse-cvrf
около 2 лет назад

Security update for libwebp

EPSS

Процентиль: 58%
0.00368
Низкий