RLSA-2023:2078

Published: 05 May 2023
Source: rocky
Rating: Important

Description

Important: libwebp security update

The libwebp packages provide a library and tools for the WebP graphics format. WebP is an image format with a lossy compression of digital photographic images. WebP consists of a codec based on the VP8 format, and a container based on the Resource Interchange File Format (RIFF). Webmasters, web developers and browser developers can use WebP to compress, archive, and distribute digital images more efficiently.

Security Fix(es):

  • Mozilla: libwebp: Double-free in libwebp (CVE-2023-1999)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 9

| Name | Architecture | Release | RPM |
| --- | --- | --- | --- |
| libwebp | x86_64 | 6.el9_1.0.1 | libwebp-1.2.0-6.el9_1.0.1.x86_64.rpm |
| libwebp-devel | x86_64 | 6.el9_1.0.1 | libwebp-devel-1.2.0-6.el9_1.0.1.x86_64.rpm |

Related vulnerabilities

CVSS3: 5.3
ubuntu
about 2 years ago

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

CVSS3: 7.5
redhat
more than 2 years ago

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

CVSS3: 5.3
nvd
about 2 years ago

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.

msrc
almost 2 years ago

Chromium: CVE-2023-1999 Use after free in libwebp

CVSS3: 5.3
debian
about 2 years ago

There exists a use after free/double free in libwebp. An attacker can ...