Описание
ELSA-2023-2078: libwebp security update (IMPORTANT)
[1.2.0-6]
- Fix tools subpackage dependency
[1.2.0-4]
- Added fix for mzbz#1819244
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
libwebp
1.2.0-6.el9_1
libwebp-devel
1.2.0-6.el9_1
Oracle Linux x86_64
libwebp
1.2.0-6.el9_1
libwebp-devel
1.2.0-6.el9_1
Связанные CVE
Связанные уязвимости
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can ...