Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libwebp@1.5.0-0.1?distro=trixie
purl pkg:deb/debian/libwebp@1.5.0-0.1?distro=trixie
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (16)
Vulnerability Summary Aliases
VCID-5hzf-gdbj-8ud8 Double Free There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. CVE-2023-1999
VCID-6z14-frdw-r3dh libwebp: out-of-bounds read in ApplyFilter() CVE-2018-25010
VCID-8nht-54x7-gqf1 libwebp: excessive memory allocation when reading a file CVE-2020-36332
VCID-9jcb-yrmd-7uen libwebp: heap-based buffer overflow in WebPDecode*Into functions CVE-2020-36328
VCID-c6sz-91cq-8yfx An integer overflow vulnerability in WebP could lead to arbitrary code execution or Denial of Service. CVE-2012-5127
VCID-e3uc-36mx-mbfv libwebp: out-of-bounds read in ChunkVerifyAndAssign() in mux/muxread.c CVE-2020-36330
VCID-ecku-fk4j-s3hr libwebp: out-of-bounds read in ChunkAssignData() in mux/muxinternal.c CVE-2020-36331
VCID-edjd-xk1f-gkgg Multiple vulnerabilities have been discovered in WebP, the worst of which could allow a remote attacker to cause a Denial of Service condition. CVE-2016-9085
VCID-hjha-gt3s-s3e3 libwebp: use of uninitialized value in ReadSymbol() CVE-2018-25014
VCID-k4yg-g6p1-kkbz libwebp: use-after-free in EmitFancyRGB() in dec/io_dec.c CVE-2020-36329
VCID-ms2y-xj5p-4ud9 libwebp: out-of-bounds read in WebPMuxCreateInternal() CVE-2018-25012
VCID-t16b-mbs7-wfc1 libwebp: heap-based buffer overflow in PutLE16() CVE-2018-25011
VCID-vdzj-kqfy-d3b7 libwebp: OOB write in BuildHuffmanTable Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page. CVE-2023-4863
GHSA-j7hp-h8jx-5ppr
VCID-wcer-d6dm-w3ch libwebp: out-of-bounds read in WebPMuxCreateInternal CVE-2018-25009
VCID-y1t9-28vr-euep In libwebp 0.5.1, there is a double free bug in libwebpmux. CVE-2016-9969
PYSEC-2019-256
VCID-yjus-jmfg-tyfv libwebp: out-of-bounds read in ShiftBytes() CVE-2018-25013

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:11:03.989520+00:00 Debian Importer Fixing VCID-y1t9-28vr-euep https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:32:42.384583+00:00 Debian Importer Fixing VCID-edjd-xk1f-gkgg https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:30:17.249495+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:24:29.514058+00:00 Debian Importer Fixing VCID-ms2y-xj5p-4ud9 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:21:38.365678+00:00 Debian Importer Fixing VCID-t16b-mbs7-wfc1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:13:13.902641+00:00 Debian Importer Fixing VCID-vdzj-kqfy-d3b7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:49:58.741188+00:00 Debian Importer Fixing VCID-hjha-gt3s-s3e3 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:40:53.161215+00:00 Debian Importer Fixing VCID-c6sz-91cq-8yfx https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T11:18:04.685814+00:00 Debian Importer Fixing VCID-e3uc-36mx-mbfv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:27:56.311227+00:00 Debian Importer Fixing VCID-yjus-jmfg-tyfv https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:35:01.280262+00:00 Debian Importer Fixing VCID-8nht-54x7-gqf1 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:13:41.545944+00:00 Debian Importer Fixing VCID-k4yg-g6p1-kkbz https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T09:09:40.729427+00:00 Debian Importer Fixing VCID-ecku-fk4j-s3hr https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:50:28.378866+00:00 Debian Importer Fixing VCID-6z14-frdw-r3dh https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:48:01.989407+00:00 Debian Importer Fixing VCID-wcer-d6dm-w3ch https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T08:40:50.441956+00:00 Debian Importer Fixing VCID-9jcb-yrmd-7uen https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:04:19.413823+00:00 Debian Importer Fixing VCID-y1t9-28vr-euep https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:35:28.095159+00:00 Debian Importer Fixing VCID-edjd-xk1f-gkgg https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:33:41.312936+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:31.919324+00:00 Debian Importer Fixing VCID-ms2y-xj5p-4ud9 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:27:26.056079+00:00 Debian Importer Fixing VCID-t16b-mbs7-wfc1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:21:33.921606+00:00 Debian Importer Fixing VCID-vdzj-kqfy-d3b7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:04:31.021140+00:00 Debian Importer Fixing VCID-hjha-gt3s-s3e3 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:57:31.735932+00:00 Debian Importer Fixing VCID-c6sz-91cq-8yfx https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:41:19.820120+00:00 Debian Importer Fixing VCID-e3uc-36mx-mbfv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:03:40.851777+00:00 Debian Importer Fixing VCID-yjus-jmfg-tyfv https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:23:01.746442+00:00 Debian Importer Fixing VCID-8nht-54x7-gqf1 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:10:21.011879+00:00 Debian Importer Fixing VCID-k4yg-g6p1-kkbz https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T18:07:58.525217+00:00 Debian Importer Fixing VCID-ecku-fk4j-s3hr https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:56:22.440391+00:00 Debian Importer Fixing VCID-6z14-frdw-r3dh https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:54:46.539679+00:00 Debian Importer Fixing VCID-wcer-d6dm-w3ch https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T17:50:05.774636+00:00 Debian Importer Fixing VCID-9jcb-yrmd-7uen https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:29:58.759369+00:00 Debian Importer Fixing VCID-vdzj-kqfy-d3b7 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.725145+00:00 Debian Importer Fixing VCID-5hzf-gdbj-8ud8 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.673582+00:00 Debian Importer Fixing VCID-8nht-54x7-gqf1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.639292+00:00 Debian Importer Fixing VCID-ecku-fk4j-s3hr https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.605339+00:00 Debian Importer Fixing VCID-e3uc-36mx-mbfv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.571563+00:00 Debian Importer Fixing VCID-k4yg-g6p1-kkbz https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.537282+00:00 Debian Importer Fixing VCID-9jcb-yrmd-7uen https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.502378+00:00 Debian Importer Fixing VCID-hjha-gt3s-s3e3 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.468145+00:00 Debian Importer Fixing VCID-yjus-jmfg-tyfv https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.433824+00:00 Debian Importer Fixing VCID-ms2y-xj5p-4ud9 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.399449+00:00 Debian Importer Fixing VCID-t16b-mbs7-wfc1 https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.365422+00:00 Debian Importer Fixing VCID-6z14-frdw-r3dh https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.331533+00:00 Debian Importer Fixing VCID-wcer-d6dm-w3ch https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.296565+00:00 Debian Importer Fixing VCID-y1t9-28vr-euep https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.252861+00:00 Debian Importer Fixing VCID-edjd-xk1f-gkgg https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:29:58.210971+00:00 Debian Importer Fixing VCID-c6sz-91cq-8yfx https://security-tracker.debian.org/tracker/data/json 38.1.0