CVE-2018-25012

Опубликовано: 21 мая 2021

Источник: nvd

CVSS3: 9.1

CVSS2: 6.4

EPSS Низкий

Описание

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().

Ссылки

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1956922
Issue Tracking
Patch
Third Party Advisory
https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097
Third Party Advisory
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123
Issue Tracking
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1956922
Issue Tracking
Patch
Third Party Advisory
https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*

Версия до 1.0.1 (исключая)

Конфигурация 2

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%

0.00189

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125

Связанные уязвимости

CVE-2018-25012

CVSS3: 9.1

ubuntu

около 4 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().

CVE-2018-25012

CVSS3: 9.1

redhat

почти 7 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().

CVE-2018-25012

CVSS3: 9.1

msrc

около 4 лет назад

Описание отсутствует

CVE-2018-25012

CVSS3: 9.1

debian

около 4 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1 ...

GHSA-x5pq-pm4r-vx73

CVSS3: 9.1

github

около 3 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

EPSS

Процентиль: 41%

0.00189

Низкий

9.1 Critical

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-125