CVE-2018-25009

Опубликовано: 21 мая 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.4

CVSS3: 9.1

Описание

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

Релиз	Статус	Примечание
bionic	released	0.6.1-2ubuntu0.18.04.1
devel	released	0.6.1-2ubuntu1
esm-infra-legacy/trusty	not-affected	0.4.0-4ubuntu0.1~esm1
esm-infra/bionic	not-affected	0.6.1-2ubuntu0.18.04.1
esm-infra/focal	not-affected	0.6.1-2ubuntu0.20.04.1
esm-infra/xenial	released	0.4.4-1ubuntu0.1~esm1
focal	released	0.6.1-2ubuntu0.20.04.1
groovy	released	0.6.1-2ubuntu0.20.10.1
hirsute	released	0.6.1-2ubuntu0.21.04.1
impish	released	0.6.1-2ubuntu1

Показывать по

Ссылки на источники

EPSS

Процентиль: 58%

0.00373

Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

Связанные уязвимости

CVE-2018-25009

CVSS3: 9.1

redhat

почти 7 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

CVE-2018-25009

CVSS3: 9.1

nvd

около 4 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

CVE-2018-25009

CVSS3: 9.1

msrc

около 4 лет назад

Описание отсутствует

CVE-2018-25009

CVSS3: 9.1

debian

около 4 лет назад

A heap-based buffer overflow was found in libwebp in versions before 1 ...

GHSA-3rw8-24h2-6px6

CVSS3: 9.1

github

около 3 лет назад

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability.

EPSS

Процентиль: 58%

0.00373

Низкий

6.4 Medium

CVSS2

9.1 Critical

CVSS3

CVE-2018-25009

Описание

Пакет libwebp

Ссылки на источники

Связанные уязвимости