CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-25011 – libwebp: heap-based buffer overflow in PutLE16()
https://notcve.org/view.php?id=CVE-2018-25011
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en PutLE16() A flaw was found in libwebp. A heap-based buffer overflow was found in PutLE16(). The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9119 https://bugzilla.redhat.com/show_bug.cgi?id=1956919 https://chromium.googlesource.com/webm/libwebp/+/v1.0.1 https://chromium.googlesource.com/webm/libwebp/+log/be738c6d396fa5a272c1b209be4379a7532debfe..29fb8562c60b5a919a75d904ff7366af423f8ab9?pretty=fuller&n=10000 https://access.redhat.com/security/cve/CVE-2018-25011 • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25010 – libwebp: out-of-bounds read in ApplyFilter()
https://notcve.org/view.php?id=CVE-2018-25010
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en ApplyFilter() A flaw was found in libwebp. An out-of-bounds read was found in function ApplyFilter. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9105 https://bugzilla.redhat.com/show_bug.cgi?id=1956918 https://chromium.googlesource.com/webm/libwebp/+/1344a2e947c749d231141a295327e5b99b444d63 https://access.redhat.com/security/cve/CVE-2018-25010 • CWE-125: Out-of-bounds Read •
CVSS: 9.1EPSS: 0%CPEs: 2EXPL: 0CVE-2018-25009 – libwebp: out-of-bounds read in WebPMuxCreateInternal
https://notcve.org/view.php?id=CVE-2018-25009
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16(). Se encontró un desbordamiento de búfer basado en la pila en libwebp en versiones anteriores a la 1.0.1 en GetLE16() A flaw was found in libwebp. An out-of-bounds read was found in function WebPMuxCreateInternal. The highest threat from this vulnerability is to data confidentiality and to the service availability. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=9100 https://bugzilla.redhat.com/show_bug.cgi?id=1956917 https://chromium.googlesource.com/webm/libwebp/+/95fd65070662e01cc9170c4444f5c0859a710097 https://access.redhat.com/security/cve/CVE-2018-25009 • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0CVE-2020-36332 – libwebp: excessive memory allocation when reading a file
https://notcve.org/view.php?id=CVE-2020-36332
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Al leer un archivo, libwebp asigna una cantidad excesiva de memoria. • https://bugzilla.redhat.com/show_bug.cgi?id=1956868 https://security.netapp.com/advisory/ntap-20211104-0004 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36332 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2020-36331 – libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c
https://notcve.org/view.php?id=CVE-2020-36331
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability. Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Se encontró una lectura fuera de límites en la función ChunkAssignData. • http://seclists.org/fulldisclosure/2021/Jul/54 https://bugzilla.redhat.com/show_bug.cgi?id=1956856 https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html https://security.netapp.com/advisory/ntap-20211112-0001 https://support.apple.com/kb/HT212601 https://www.debian.org/security/2021/dsa-4930 https://access.redhat.com/security/cve/CVE-2020-36331 • CWE-125: Out-of-bounds Read •