Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-36331

Опубликовано: 25 фев. 2021
Источник: redhat
CVSS3: 9.1
EPSS Низкий

Описание

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

A flaw was found in libwebp. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

Отчет

This issue did not affect the versions of Firefox and Thunderbird as shipped with Red Hat Enterprise Linux 7, and 8 as they embed the fixed version of libwebp.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7firefoxOut of support scope
Red Hat Enterprise Linux 7libwebpOut of support scope
Red Hat Enterprise Linux 7qt5-qtimageformatsOut of support scope
Red Hat Enterprise Linux 7thunderbirdOut of support scope
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 8thunderbirdNot affected
Red Hat Enterprise Linux 9libwebpNot affected
Red Hat Enterprise Linux 8libwebpFixedRHSA-2021:423109.11.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-125
https://bugzilla.redhat.com/show_bug.cgi?id=1956856libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c

EPSS

Процентиль: 50%
0.00269
Низкий

9.1 Critical

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-36331

CVSS3: 9.1
ubuntu
около 4 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

nvd логотип

CVE-2020-36331

CVSS3: 9.1
nvd
около 4 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

msrc логотип

CVE-2020-36331

CVSS3: 9.1
msrc
около 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-36331

CVSS3: 9.1
debian
около 4 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds ...

github логотип

GHSA-hrq2-3wxg-w5m6

CVSS3: 9.1
github
около 3 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

EPSS

Процентиль: 50%
0.00269
Низкий

9.1 Critical

CVSS3