Описание
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in libwebp in versions before 1.0.1. An unitialized variable is used in function ReadSymbol. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2018-25014
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9496
- https://bugzilla.redhat.com/show_bug.cgi?id=1956927
- https://chromium.googlesource.com/webm/libwebp/+log/78ad57a36ad69a9c22874b182d49d64125c380f2..907208f97ead639bd52
- https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html
- https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html
- https://security.netapp.com/advisory/ntap-20211104-0004
- https://support.apple.com/kb/HT212601
- https://www.debian.org/security/2021/dsa-4930
- http://seclists.org/fulldisclosure/2021/Jul/54
Связанные уязвимости
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
A use of uninitialized value was found in libwebp in versions before 1 ...