Описание
ELSA-2023-2076: libwebp security update (IMPORTANT)
[1.0.0-8]
- Added fix for mzbz#1819244
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
libwebp
1.0.0-8.el8_7
libwebp-devel
1.0.0-8.el8_7
Oracle Linux x86_64
libwebp
1.0.0-8.el8_7
libwebp-devel
1.0.0-8.el8_7
Связанные CVE
Связанные уязвимости
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can ...