Search for packages
| purl | pkg:deb/debian/libwebp@0.4.1-1.2 |
| Next non-vulnerable version | 0.6.1-2.1+deb11u2 |
| Latest non-vulnerable version | 0.6.1-2.1+deb11u2 |
| Risk | 10.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5hzf-gdbj-8ud8
Aliases: CVE-2023-1999 |
Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. |
Affected by 0 other vulnerabilities. |
|
VCID-6z14-frdw-r3dh
Aliases: CVE-2018-25010 |
libwebp: out-of-bounds read in ApplyFilter() |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-8nht-54x7-gqf1
Aliases: CVE-2020-36332 |
libwebp: excessive memory allocation when reading a file |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-9jcb-yrmd-7uen
Aliases: CVE-2020-36328 |
libwebp: heap-based buffer overflow in WebPDecode*Into functions |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-e3uc-36mx-mbfv
Aliases: CVE-2020-36330 |
libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ecku-fk4j-s3hr
Aliases: CVE-2020-36331 |
libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-edjd-xk1f-gkgg
Aliases: CVE-2016-9085 |
Multiple vulnerabilities have been discovered in WebP, the worst of which could allow a remote attacker to cause a Denial of Service condition. |
Affected by 13 other vulnerabilities. |
|
VCID-hjha-gt3s-s3e3
Aliases: CVE-2018-25014 |
libwebp: use of uninitialized value in ReadSymbol() |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-k4yg-g6p1-kkbz
Aliases: CVE-2020-36329 |
libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-ms2y-xj5p-4ud9
Aliases: CVE-2018-25012 |
libwebp: out-of-bounds read in WebPMuxCreateInternal() |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-t16b-mbs7-wfc1
Aliases: CVE-2018-25011 |
libwebp: heap-based buffer overflow in PutLE16() |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-vdzj-kqfy-d3b7
Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr |
libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. |
Affected by 0 other vulnerabilities. |
|
VCID-wcer-d6dm-w3ch
Aliases: CVE-2018-25009 |
libwebp: out-of-bounds read in WebPMuxCreateInternal |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-y1t9-28vr-euep
Aliases: CVE-2016-9969 PYSEC-2019-256 |
In libwebp 0.5.1, there is a double free bug in libwebpmux. |
Affected by 13 other vulnerabilities. |
|
VCID-yjus-jmfg-tyfv
Aliases: CVE-2018-25013 |
libwebp: out-of-bounds read in ShiftBytes() |
Affected by 13 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||