Описание
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Релиз | Статус | Примечание |
---|---|---|
bionic | ignored | end of standard support |
devel | not-affected | 1.2.4-0.3 |
esm-infra-legacy/trusty | not-affected | |
esm-infra/bionic | not-affected | |
esm-infra/focal | not-affected | |
esm-infra/xenial | not-affected | |
focal | not-affected | |
jammy | not-affected | |
lunar | not-affected | |
mantic | not-affected | 1.2.4-0.3 |
Показывать по
Связанные уязвимости
This CVE ID has been rejected by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Duplicate of CVE-2023-4863.
With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue.