Описание
Security update for libwebp
This update for libwebp fixes the following issues:
- CVE-2023-1999: Fixed double free (bsc#1210212).
Список пакетов
HPE Helion OpenStack 8
libwebpmux1-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP2-BCL
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP4-ESPOS
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP4-LTSS
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP5
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libwebp-devel-0.4.3-4.10.1
libwebpdecoder1-0.4.3-4.10.1
libwebpmux1-0.4.3-4.10.1
SUSE OpenStack Cloud 8
libwebpmux1-0.4.3-4.10.1
SUSE OpenStack Cloud 9
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
libwebpmux1-0.4.3-4.10.1
SUSE OpenStack Cloud Crowbar 8
libwebpmux1-0.4.3-4.10.1
SUSE OpenStack Cloud Crowbar 9
libwebp5-0.4.3-4.10.1
libwebp5-32bit-0.4.3-4.10.1
libwebpdemux1-0.4.3-4.10.1
libwebpmux1-0.4.3-4.10.1
Ссылки
- Link for SUSE-SU-2023:2552-1
- E-Mail link for SUSE-SU-2023:2552-1
- SUSE Security Ratings
- SUSE Bug 1210212
- SUSE CVE CVE-2023-1999 page
Описание
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
Затронутые продукты
HPE Helion OpenStack 8:libwebpmux1-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libwebp5-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libwebp5-32bit-0.4.3-4.10.1
SUSE Linux Enterprise Server 12 SP2-BCL:libwebpdemux1-0.4.3-4.10.1
Ссылки
- CVE-2023-1999
- SUSE Bug 1213054
- SUSE Bug 1217159