CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25012 – libwebp: out-of-bounds read in WebPMuxCreateInternal()
https://notcve.org/view.php?id=CVE-2018-25012
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en GetLE24() A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9123 https://bugzilla.redhat.com/show_bug.cgi?id=1956922 https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097 https://access.redhat.com/security/cve/CVE-2018-25012 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-25011 – libwebp: heap-based buffer overflow in PutLE16()
https://notcve.org/view.php?id=CVE-2018-25011
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en PutLE16() A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 https://bugzilla.redhat.com/show_bug.cgi?id=1956919 https://chromium.googlesource.com/webm/libwebp/+/v1.0.1 https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000 https://access.redhat.com/security/cve/CVE-2018-25011 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25010 – libwebp: out-of-bounds read in ApplyFilter()
https://notcve.org/view.php?id=CVE-2018-25010
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en ApplyFilter() A flaw was found in libwebp. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 https://bugzilla.redhat.com/show_bug.cgi?id=1956918 https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63 https://access.redhat.com/security/cve/CVE-2018-25010 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25009 – libwebp: out-of-bounds read in WebPMuxCreateInternal
https://notcve.org/view.php?id=CVE-2018-25009
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en GetLE16() A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 https://bugzilla.redhat.com/show_bug.cgi?id=1956917 https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097 https://access.redhat.com/security/cve/CVE-2018-25009 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36332 – libwebp: excessive memory allocation when reading a file
https://notcve.org/view.php?id=CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Al leer un archivo, libwebp asigna una cantidad excesiva de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1956868 https://security.netapp.com/advisory/ntap-20211104-0004 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36332 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •