Search CVE reports
1 – 10 of 15 results
CVE-2023-4863
Medium priorityHeap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)
4 affected packages
chromium-browser, firefox, libwebp, thunderbird
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
| libwebp | Fixed | Fixed | Fixed | Fixed | Not affected |
| thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |
CVE-2023-1999
Medium prioritySome fixes available 8 of 23
There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out...
8 affected packages
firefox, libwebp, mozjs38, mozjs52, mozjs68...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| libwebp | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |
CVE-2020-36332
Low prioritySome fixes available 10 of 11
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | Fixed | Fixed | Fixed | Fixed | Vulnerable |
CVE-2020-36331
Medium priorityA flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-36330
Medium priorityA flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-36329
Medium priorityA flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2020-36328
Medium priorityA flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to...
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2016-9969
Medium priorityIn libwebp 0.5.1, there is a double free bug in libwebpmux.
9 affected packages
firefox, godot, libwebp, mozjs38, mozjs52...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| godot | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libwebp | Not affected | Not affected | Not affected | Not affected | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2018-25014
Medium priorityA use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |
CVE-2018-25013
Medium priorityA heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
1 affected packages
libwebp
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | — | Fixed | Fixed | Fixed | Fixed |