CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36332 – libwebp: excessive memory allocation when reading a file
https://notcve.org/view.php?id=CVE-2020-36332
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Al leer un archivo, libwebp asigna una cantidad excesiva de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1956868 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36330 – libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c
https://notcve.org/view.php?id=CVE-2020-36330
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkVerifyAndAssign. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36329 – libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c
https://notcve.org/view.php?id=CVE-2020-36329
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró un uso de la memoria previamente liberada debido a que un subproceso se eliminó demasiado pronto. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 8EXPL: 0CVE-2020-36328 – libwebp: heap-based buffer overflow in WebPDecode*Into functions
https://notcve.org/view.php?id=CVE-2020-36328
21 May 2021 — A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Un desbordamiento del búfer en la región heap de la memoria en la función WebPDecodeRGBInto es posible debido a una verificación no válida del tamaño del búfer. • http://seclists.org/fulldisclosure/2021/Jul/54 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2016-9969
https://notcve.org/view.php?id=CVE-2016-9969
23 May 2019 — In libwebp 0.5.1, there is a double free bug in libwebpmux. En libwebp versión 0.5.1, hay un error de doble liberación (Double Free) en libwebpmux. • https://bugs.chromium.org/p/webp/issues/detail?id=322 • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-9746
https://notcve.org/view.php?id=CVE-2019-9746
13 Mar 2019 — In libwebm before 2019-03-08, a NULL pointer dereference caused by the functions OutputCluster and OutputTracks in webm_info.cc will trigger an abort, which allows a DoS attack, a similar issue to CVE-2018-19212. En libwebm, en CVErsiones anteriores al 08/03/2019, una desreferencia de puntero NULL provocada por las funciones OutputCluster y OutputTracks en webm_info.cc desencadenarán una aborción, lo que permite un ataque de denegación de servicio. Este problema es similar a CCVE-2018-19212. • https://bugs.chromium.org/p/webm/issues/detail?id=1605 • CWE-476: NULL Pointer Dereference •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19212
https://notcve.org/view.php?id=CVE-2018-19212
12 Nov 2018 — In libwebm through 2018-10-03, there is an abort caused by libwebm::Webm2Pes::InitWebmParser() that will lead to a DoS attack. En libwebm hasta el 2018-10-03, hay un aborto provocado por libwebm::Webm2Pes::InitWebmParser() que conducirá a un ataque de denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1644196 • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-6548
https://notcve.org/view.php?id=CVE-2018-6548
02 Feb 2018 — A use-after-free issue was discovered in libwebm through 2018-02-02. If a Vp9HeaderParser was initialized once before, its property frame_ would not be changed because of code in vp9parser::Vp9HeaderParser::SetFrame. Its frame_ could be freed while the corresponding pointer would not be updated, leading to a dangling pointer. This is related to the function OutputCluster in webm_info.cc. Se ha descubierto una vulnerabilidad de uso de memoria previamente liberada en libwebm hasta el 02-02-2018. • https://bugs.chromium.org/p/webm/issues/detail?id=1493 • CWE-416: Use After Free •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6406
https://notcve.org/view.php?id=CVE-2018-6406
30 Jan 2018 — The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in libwebm through 2018-01-30 does not validate the child_frame_length data obtained from a .webm file, which allows remote attackers to cause an information leak or a denial of service (heap-based buffer over-read and later out-of-bounds write), or possibly have unspecified other impact. La función ParseVP9SuperFrameIndex en common/libwebm_util.cc en libwebm, hasta la versión 2018-01-30, no valida los datos child_frame_length obtenidos de un ar... • https://bugs.chromium.org/p/webm/issues/detail?id=1492 • CWE-125: Out-of-bounds Read •