Описание
ELSA-2023-2077: libwebp security update (IMPORTANT)
[0.3.0-11]
- Added fix for mzbz#1819244
Обновленные пакеты
Oracle Linux 7
Oracle Linux aarch64
libwebp
0.3.0-11.el7
libwebp-devel
0.3.0-11.el7
libwebp-java
0.3.0-11.el7
libwebp-tools
0.3.0-11.el7
Oracle Linux x86_64
libwebp
0.3.0-11.el7
libwebp-devel
0.3.0-11.el7
libwebp-java
0.3.0-11.el7
libwebp-tools
0.3.0-11.el7
Связанные CVE
Связанные уязвимости
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can ...