Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Libwebp
(Webmproject)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 15 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-12 | CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | Debian_linux, Fedora, Chrome, Edge, Firefox, Firefox_esr, Thunderbird, Libwebp | 8.8 | ||
| 2017-02-03 | CVE-2016-9085 | Multiple integer overflows in libwebp allows attackers to have unspecified impact via unknown vectors. | Fedora, Libwebp | 3.3 | ||
| 2021-05-21 | CVE-2020-36332 | A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. | Debian_linux, Ontap_select_deploy_administration_utility, Enterprise_linux, Libwebp | 7.5 | ||
| 2023-06-20 | CVE-2023-1999 | There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. | Libwebp | 7.5 | ||
| 2021-05-21 | CVE-2018-25012 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). | Enterprise_linux, Libwebp | 9.1 | ||
| 2021-05-21 | CVE-2018-25009 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). | Enterprise_linux, Libwebp | 9.1 | ||
| 2021-05-21 | CVE-2018-25010 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). | Enterprise_linux, Libwebp | 9.1 | ||
| 2021-05-21 | CVE-2018-25011 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). | Enterprise_linux, Libwebp | 9.8 | ||
| 2021-05-21 | CVE-2018-25013 | A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes(). | Enterprise_linux, Libwebp | 9.1 | ||
| 2021-05-21 | CVE-2018-25014 | A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol(). | Enterprise_linux, Libwebp | 9.8 |