Описание
Security update for libwebp
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2020-36328: Fixed heap-based buffer overflow in WebPDecode*Into functions (bsc#1185688).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Список пакетов
openSUSE Leap 15.3
Ссылки
- E-Mail link for openSUSE-SU-2021:1860-1
- SUSE Security Ratings
- SUSE Bug 1185652
- SUSE Bug 1185654
- SUSE Bug 1185673
- SUSE Bug 1185674
- SUSE Bug 1185685
- SUSE Bug 1185686
- SUSE Bug 1185688
- SUSE Bug 1185690
- SUSE Bug 1185691
- SUSE Bug 1186247
- SUSE CVE CVE-2018-25009 page
- SUSE CVE CVE-2018-25010 page
- SUSE CVE CVE-2018-25011 page
- SUSE CVE CVE-2018-25012 page
- SUSE CVE CVE-2018-25013 page
- SUSE CVE CVE-2020-36328 page
- SUSE CVE CVE-2020-36329 page
- SUSE CVE CVE-2020-36330 page
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Затронутые продукты
Ссылки
- CVE-2018-25009
- SUSE Bug 1185673
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Затронутые продукты
Ссылки
- CVE-2018-25010
- SUSE Bug 1185685
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
Затронутые продукты
Ссылки
- CVE-2018-25011
- SUSE Bug 1186247
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Затронутые продукты
Ссылки
- CVE-2018-25012
- SUSE Bug 1185690
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Затронутые продукты
Ссылки
- CVE-2018-25013
- SUSE Bug 1185654
Описание
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-36328
- SUSE Bug 1185688
Описание
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-36329
- SUSE Bug 1185652
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36330
- SUSE Bug 1185691
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36331
- SUSE Bug 1185686
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36332
- SUSE Bug 1185674
- SUSE Bug 1187486