VulnerableCode Package Details - pkg:deb/debian/libwebp@0.6.1-2.1%2Bdeb11u2

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4fc5-p4nj-cbgr	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().	CVE-2018-25013
VCID-5qgt-ej4k-kuct	A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().	CVE-2018-25014
VCID-73xt-fcxh-rbdv	A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	CVE-2020-36328
VCID-9een-9fgv-d7ej	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().	CVE-2018-25009
VCID-awpc-7dzf-fkaw	A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.	CVE-2020-36332
VCID-gwzm-g2ga-2qag	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().	CVE-2018-25011
VCID-n2b4-twrw-budu	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().	CVE-2018-25012
VCID-nab4-t26u-aqca	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.	CVE-2020-36330
VCID-nr5n-zkwn-gqdb	A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.	CVE-2023-1999
VCID-pe8x-79nr-3qg4	Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129.	CVE-2023-4863 GHSA-j7hp-h8jx-5ppr
VCID-scjp-nqyq-tqd2	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.	CVE-2020-36331
VCID-u126-54se-mqf2	A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	CVE-2020-36329
VCID-u26j-vd9t-3fe8	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().	CVE-2018-25010

Vulnerability

Summary

Aliases

VCID-4fc5-p4nj-cbgr

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().

CVE-2018-25013

VCID-5qgt-ej4k-kuct

A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().

CVE-2018-25014

VCID-73xt-fcxh-rbdv

A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-36328

VCID-9een-9fgv-d7ej

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().

CVE-2018-25009

VCID-awpc-7dzf-fkaw

A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.

CVE-2020-36332

VCID-gwzm-g2ga-2qag

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().

CVE-2018-25011

VCID-n2b4-twrw-budu

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().

CVE-2018-25012

VCID-nab4-t26u-aqca

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2020-36330

VCID-nr5n-zkwn-gqdb

A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.

CVE-2023-1999

VCID-pe8x-79nr-3qg4

Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. *Note: This advisory was previously also tracked as CVE-2023-5129.*

CVE-2023-4863
GHSA-j7hp-h8jx-5ppr

VCID-scjp-nqyq-tqd2

A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.

CVE-2020-36331

VCID-u126-54se-mqf2

A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVE-2020-36329

VCID-u26j-vd9t-3fe8

A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().

CVE-2018-25010

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:00:12.353525+00:00	Debian Oval Importer	Fixing	VCID-awpc-7dzf-fkaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:29:11.139061+00:00	Debian Oval Importer	Fixing	VCID-scjp-nqyq-tqd2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:20:56.942208+00:00	Debian Oval Importer	Fixing	VCID-nab4-t26u-aqca	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:47:11.275293+00:00	Debian Oval Importer	Fixing	VCID-4fc5-p4nj-cbgr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:54:17.437767+00:00	Debian Oval Importer	Fixing	VCID-u126-54se-mqf2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:34:04.513733+00:00	Debian Oval Importer	Fixing	VCID-pe8x-79nr-3qg4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:21:13.799827+00:00	Debian Oval Importer	Fixing	VCID-n2b4-twrw-budu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:19:27.683366+00:00	Debian Oval Importer	Fixing	VCID-9een-9fgv-d7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:14:15.749187+00:00	Debian Oval Importer	Fixing	VCID-73xt-fcxh-rbdv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:10:55.547382+00:00	Debian Oval Importer	Fixing	VCID-5qgt-ej4k-kuct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:18:32.889104+00:00	Debian Oval Importer	Fixing	VCID-nr5n-zkwn-gqdb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:03.278064+00:00	Debian Oval Importer	Fixing	VCID-gwzm-g2ga-2qag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:57:55.484782+00:00	Debian Oval Importer	Fixing	VCID-u26j-vd9t-3fe8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0