Search CVE reports



1 – 10 of 15 results


CVE-2023-4863

Medium priority
Fixed

Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)

4 affected packages

chromium-browser, firefox, libwebp, thunderbird

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| chromium-browser | Not affected | Not affected | Not affected | Ignored | Ignored |
| firefox | Not affected | Not affected | Fixed | Ignored | Ignored |
| libwebp | Fixed | Fixed | Fixed | Fixed | Not affected |
| thunderbird | Fixed | Fixed | Fixed | Ignored | Ignored |

CVE-2023-1999

Medium priority

Some fixes available 9 of 25

There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out...

8 affected packages

firefox, libwebp, mozjs38, mozjs52, mozjs68...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Ignored |
| libwebp | Fixed | Fixed | Fixed | Fixed | Fixed |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs68 | Not in release | Not in release | Ignored | Not in release | Not in release |
| mozjs78 | Not in release | Ignored | Not in release | Not in release | Not in release |
| mozjs91 | Not in release | Ignored | Not in release | Not in release | Not in release |
| thunderbird | Ignored | Ignored | Ignored | Ignored | Ignored |

CVE-2020-36332

Low priority

Some fixes available 11 of 12

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

1 affected package

libwebp

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| libwebp | Fixed | Fixed | Fixed | Fixed | Vulnerable |

CVE-2020-36331

Medium priority
Fixed

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed

CVE-2020-36330

Medium priority
Fixed

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed

CVE-2020-36329

Medium priority
Fixed

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed

CVE-2020-36328

Medium priority
Fixed

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to...

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed

CVE-2016-9969

Medium priority
Needs evaluation

In libwebp 0.5.1, there is a double free bug in libwebpmux.

9 affected packages

firefox, godot, libwebp, mozjs38, mozjs52...

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| firefox | Not affected | Not affected | Not affected | Not affected | Not affected |
| godot | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Not in release |
| libwebp | Not affected | Not affected | Not affected | Not affected | Not affected |
| mozjs38 | Not in release | Not in release | Not in release | Ignored | Not in release |
| mozjs52 | Not in release | Not in release | Ignored | Ignored | Not in release |
| mozjs60 | Not in release | Not in release | Not in release | Not in release | Not in release |
| qtimageformats-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| qtwebengine-opensource-src | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Not in release |
| thunderbird | Not affected | Not affected | Not affected | Not affected | Not affected |

CVE-2018-25014

Medium priority
Fixed

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed

CVE-2018-25013

Medium priority
Fixed

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

1 affected package

libwebp

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
libwebp Fixed Fixed Fixed Fixed