VulnerableCode Package Details - pkg:deb/debian/libwebp@0.1.3-3%2Bnmu1

Vulnerabilities affecting this package (15)

Vulnerability	Summary	Fixed by
VCID-39wj-ubxt-4ufz Aliases: CVE-2016-9969 PYSEC-2019-256	In libwebp 0.5.1, there is a double free bug in libwebpmux.	0.5.2-1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-4fc5-p4nj-cbgr Aliases: CVE-2018-25013	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-5qgt-ej4k-kuct Aliases: CVE-2018-25014	A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-73xt-fcxh-rbdv Aliases: CVE-2020-36328	A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-9een-9fgv-d7ej Aliases: CVE-2018-25009	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-awpc-7dzf-fkaw Aliases: CVE-2020-36332	A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-gwzm-g2ga-2qag Aliases: CVE-2018-25011	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-n2b4-twrw-budu Aliases: CVE-2018-25012	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-nab4-t26u-aqca Aliases: CVE-2020-36330	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-nr5n-zkwn-gqdb Aliases: CVE-2023-1999	A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-pe8x-79nr-3qg4 Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr	Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-scjp-nqyq-tqd2 Aliases: CVE-2020-36331	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-u126-54se-mqf2 Aliases: CVE-2020-36329	A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-u26j-vd9t-3fe8 Aliases: CVE-2018-25010	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().	0.6.1-2+deb10u1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-y2zm-u5hy-wuba Aliases: CVE-2016-9085	libwebp: Several integer overflows	0.5.2-1 Affected by 13 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Next non-vulnerable version	0.6.1-2.1+deb11u2
Latest non-vulnerable version	0.6.1-2.1+deb11u2
Risk	10.0

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:00:12.335342+00:00	Debian Oval Importer	Affected by	VCID-awpc-7dzf-fkaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:29:11.120704+00:00	Debian Oval Importer	Affected by	VCID-scjp-nqyq-tqd2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:20:56.923679+00:00	Debian Oval Importer	Affected by	VCID-nab4-t26u-aqca	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:47:11.268433+00:00	Debian Oval Importer	Affected by	VCID-4fc5-p4nj-cbgr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:54:17.419351+00:00	Debian Oval Importer	Affected by	VCID-u126-54se-mqf2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:34:04.495564+00:00	Debian Oval Importer	Affected by	VCID-pe8x-79nr-3qg4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:21:13.782472+00:00	Debian Oval Importer	Affected by	VCID-n2b4-twrw-budu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:09:46.652369+00:00	Debian Oval Importer	Affected by	VCID-39wj-ubxt-4ufz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:19:27.666447+00:00	Debian Oval Importer	Affected by	VCID-9een-9fgv-d7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:14:15.731105+00:00	Debian Oval Importer	Affected by	VCID-73xt-fcxh-rbdv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:10:55.529313+00:00	Debian Oval Importer	Affected by	VCID-5qgt-ej4k-kuct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:18:32.868323+00:00	Debian Oval Importer	Affected by	VCID-nr5n-zkwn-gqdb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:03.260803+00:00	Debian Oval Importer	Affected by	VCID-gwzm-g2ga-2qag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:57:55.465555+00:00	Debian Oval Importer	Affected by	VCID-u26j-vd9t-3fe8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:23:29.795336+00:00	Debian Oval Importer	Affected by	VCID-y2zm-u5hy-wuba	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:46:56.911943+00:00	Debian Oval Importer	Affected by	VCID-5qgt-ej4k-kuct	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:45:24.948796+00:00	Debian Oval Importer	Affected by	VCID-u26j-vd9t-3fe8	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:40:10.484063+00:00	Debian Oval Importer	Affected by	VCID-gwzm-g2ga-2qag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:31:06.417235+00:00	Debian Oval Importer	Affected by	VCID-scjp-nqyq-tqd2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:30:07.799245+00:00	Debian Oval Importer	Affected by	VCID-9een-9fgv-d7ej	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:28:45.941630+00:00	Debian Oval Importer	Affected by	VCID-4fc5-p4nj-cbgr	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:25:32.291023+00:00	Debian Oval Importer	Affected by	VCID-n2b4-twrw-budu	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:23:42.820896+00:00	Debian Oval Importer	Affected by	VCID-73xt-fcxh-rbdv	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:23:17.645705+00:00	Debian Oval Importer	Affected by	VCID-u126-54se-mqf2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:15:50.149358+00:00	Debian Oval Importer	Affected by	VCID-nab4-t26u-aqca	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:13:37.049710+00:00	Debian Oval Importer	Affected by	VCID-awpc-7dzf-fkaw	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0