Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-36329

Опубликовано: 21 мая 2021
Источник: nvd
CVSS3: 9.8
CVSS2: 7.5
EPSS Низкий

Описание

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:webmproject:libwebp:*:*:*:*:*:*:*:*
Версия до 1.0.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 5

Одно из

cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Версия до 14.7 (исключая)
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Версия до 14.7 (исключая)

EPSS

Процентиль: 68%
0.00574
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416
CWE-416

Связанные уязвимости

ubuntu логотип

CVE-2020-36329

CVSS3: 9.8
ubuntu
около 4 лет назад

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

redhat логотип

CVE-2020-36329

CVSS3: 9.8
redhat
больше 5 лет назад

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

msrc логотип

CVE-2020-36329

CVSS3: 9.8
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-36329

CVSS3: 9.8
debian
около 4 лет назад

A flaw was found in libwebp in versions before 1.0.1. A use-after-free ...

github логотип

GHSA-mprg-gw36-367p

CVSS3: 9.8
github
около 3 лет назад

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

EPSS

Процентиль: 68%
0.00574
Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-416
CWE-416