Описание
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 112.0.2+build1-0ubuntu0.18.04.1 |
| devel | not-affected | |
| esm-infra/focal | DNE | |
| focal | not-affected | |
| jammy | not-affected | |
| kinetic | not-affected | |
| lunar | not-affected | |
| mantic | not-affected | |
| noble | not-affected | |
| oracular | not-affected |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 0.6.1-2ubuntu0.18.04.2 |
| devel | released | 1.2.4-0.1ubuntu1 |
| esm-infra-legacy/trusty | needs-triage | |
| esm-infra/bionic | not-affected | 0.6.1-2ubuntu0.18.04.2 |
| esm-infra/focal | not-affected | 0.6.1-2ubuntu0.20.04.2 |
| esm-infra/xenial | released | 0.4.4-1ubuntu0.1~esm2 |
| focal | released | 0.6.1-2ubuntu0.20.04.2 |
| jammy | released | 1.2.2-2ubuntu0.22.04.1 |
| kinetic | released | 1.2.2-2ubuntu0.22.10.1 |
| lunar | released | 1.2.4-0.1ubuntu0.23.04.1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/bionic | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | DNE | |
| esm-apps/focal | ignored | |
| esm-infra/bionic | ignored | |
| focal | ignored | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | ignored | |
| focal | ignored | |
| jammy | DNE | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-apps/jammy | ignored | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| kinetic | ignored | end of life, was needs-triage |
| lunar | ignored | end of life, was needs-triage |
| mantic | DNE | |
| noble | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | DNE | |
| devel | DNE | |
| esm-infra/focal | DNE | |
| focal | DNE | |
| jammy | ignored | |
| kinetic | DNE | |
| lunar | DNE | |
| mantic | DNE | |
| noble | DNE | |
| oracular | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| devel | ignored | bundled deps handled by new versions |
| esm-infra/focal | DNE | |
| focal | ignored | end of standard support, was ignored [bundled deps handled by new versions] |
| jammy | ignored | bundled deps handled by new versions |
| kinetic | ignored | end of life, was needed |
| lunar | ignored | end of life, was ignored [bundled deps handled by new versions] |
| mantic | ignored | end of life, was ignored [bundled deps handled by new versions] |
| noble | ignored | bundled deps handled by new versions |
| oracular | ignored | end of life, was ignored [bundled deps handled by new versions] |
Показывать по
Ссылки на источники
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free.
There exists a use after free/double free in libwebp. An attacker can ...
EPSS
5.3 Medium
CVSS3