CVE-2020-36328
libwebp: heap-based buffer overflow in WebPDecode*Into functions
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Se encontró un fallo en libwebp en versiones anteriores a 1.0.1. Un desbordamiento del búfer en la región heap de la memoria en la función WebPDecodeRGBInto es posible debido a una verificación no válida del tamaño del búfer. La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, así como la disponibilidad del sistema
A flaw was found in libwebp. A heap-based buffer overflow in functions WebPDecode*Into is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-04 CVE Reserved
- 2021-05-21 CVE Published
- 2024-02-04 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/fulldisclosure/2021/Jul/54 | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00005.html | Mailing List |
|
| https://lists.debian.org/debian-lts-announce/2021/06/msg00006.html | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20211112-0001 | Third Party Advisory |
|
| https://support.apple.com/kb/HT212601 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1956829 | 2021-06-09 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2021/dsa-4930 | 2023-01-09 | |
| https://access.redhat.com/security/cve/CVE-2020-36328 | 2021-06-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Webmproject Search vendor "Webmproject" | Libwebp Search vendor "Webmproject" for product "Libwebp" | < 1.0.1 Search vendor "Webmproject" for product "Libwebp" and version " < 1.0.1" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 7.0 Search vendor "Redhat" for product "Enterprise Linux" and version "7.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Netapp Search vendor "Netapp" | Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility" | - | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Ipados Search vendor "Apple" for product "Ipados" | 14.7 Search vendor "Apple" for product "Ipados" and version "14.7" | - |
Affected
| ||||||
| Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | 14.7 Search vendor "Apple" for product "Iphone Os" and version "14.7" | - |
Affected
| ||||||