VulnerableCode Package Details - pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

Search for packages

Package details: pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

Essentials
History (24)

purl	pkg:deb/debian/libwebp@0.6.1-2%2Bdeb10u1

Next non-vulnerable version	0.6.1-2.1+deb11u2
Latest non-vulnerable version	0.6.1-2.1+deb11u2
Risk	10.0

Vulnerabilities affecting this package (13)

Vulnerability	Summary	Fixed by
VCID-4fc5-p4nj-cbgr Aliases: CVE-2018-25013	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-5qgt-ej4k-kuct Aliases: CVE-2018-25014	A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-73xt-fcxh-rbdv Aliases: CVE-2020-36328	A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-9een-9fgv-d7ej Aliases: CVE-2018-25009	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-awpc-7dzf-fkaw Aliases: CVE-2020-36332	A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-gwzm-g2ga-2qag Aliases: CVE-2018-25011	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-n2b4-twrw-budu Aliases: CVE-2018-25012	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-nab4-t26u-aqca Aliases: CVE-2020-36330	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-nr5n-zkwn-gqdb Aliases: CVE-2023-1999	A double-free in libwebp could have led to memory corruption and a potentially exploitable crash.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-pe8x-79nr-3qg4 Aliases: CVE-2023-4863 GHSA-j7hp-h8jx-5ppr	Opening a malicious WebP image could lead to a heap buffer overflow in the content process. We are aware of this issue being exploited in other products in the wild. Note: This advisory was previously also tracked as CVE-2023-5129.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-scjp-nqyq-tqd2 Aliases: CVE-2020-36331	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-u126-54se-mqf2 Aliases: CVE-2020-36329	A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.
VCID-u26j-vd9t-3fe8 Aliases: CVE-2018-25010	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().	0.6.1-2.1+deb11u2 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (11)

Vulnerability	Summary	Aliases
VCID-4fc5-p4nj-cbgr	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().	CVE-2018-25013
VCID-5qgt-ej4k-kuct	A use of uninitialized value was found in libwebp in versions before 1.0.1 in ReadSymbol().	CVE-2018-25014
VCID-73xt-fcxh-rbdv	A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	CVE-2020-36328
VCID-9een-9fgv-d7ej	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().	CVE-2018-25009
VCID-awpc-7dzf-fkaw	A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.	CVE-2020-36332
VCID-gwzm-g2ga-2qag	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().	CVE-2018-25011
VCID-n2b4-twrw-budu	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().	CVE-2018-25012
VCID-nab4-t26u-aqca	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.	CVE-2020-36330
VCID-scjp-nqyq-tqd2	A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.	CVE-2020-36331
VCID-u126-54se-mqf2	A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	CVE-2020-36329
VCID-u26j-vd9t-3fe8	A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().	CVE-2018-25010

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T20:00:12.348686+00:00	Debian Oval Importer	Affected by	VCID-awpc-7dzf-fkaw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:29:11.134175+00:00	Debian Oval Importer	Affected by	VCID-scjp-nqyq-tqd2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T19:20:56.937338+00:00	Debian Oval Importer	Affected by	VCID-nab4-t26u-aqca	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:47:11.273505+00:00	Debian Oval Importer	Affected by	VCID-4fc5-p4nj-cbgr	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:54:17.432948+00:00	Debian Oval Importer	Affected by	VCID-u126-54se-mqf2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:34:04.509159+00:00	Debian Oval Importer	Affected by	VCID-pe8x-79nr-3qg4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T17:21:13.795308+00:00	Debian Oval Importer	Affected by	VCID-n2b4-twrw-budu	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:19:27.678916+00:00	Debian Oval Importer	Affected by	VCID-9een-9fgv-d7ej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:14:15.744425+00:00	Debian Oval Importer	Affected by	VCID-73xt-fcxh-rbdv	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T16:10:55.542601+00:00	Debian Oval Importer	Affected by	VCID-5qgt-ej4k-kuct	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T15:18:32.883847+00:00	Debian Oval Importer	Affected by	VCID-nr5n-zkwn-gqdb	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T13:41:03.273510+00:00	Debian Oval Importer	Affected by	VCID-gwzm-g2ga-2qag	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:57:55.479046+00:00	Debian Oval Importer	Affected by	VCID-u26j-vd9t-3fe8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T11:46:56.926940+00:00	Debian Oval Importer	Fixing	VCID-5qgt-ej4k-kuct	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:45:24.964142+00:00	Debian Oval Importer	Fixing	VCID-u26j-vd9t-3fe8	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:40:10.498173+00:00	Debian Oval Importer	Fixing	VCID-gwzm-g2ga-2qag	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:31:06.431497+00:00	Debian Oval Importer	Fixing	VCID-scjp-nqyq-tqd2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:30:07.814223+00:00	Debian Oval Importer	Fixing	VCID-9een-9fgv-d7ej	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:28:45.955543+00:00	Debian Oval Importer	Fixing	VCID-4fc5-p4nj-cbgr	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:25:32.305186+00:00	Debian Oval Importer	Fixing	VCID-n2b4-twrw-budu	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:23:42.836062+00:00	Debian Oval Importer	Fixing	VCID-73xt-fcxh-rbdv	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:23:17.660481+00:00	Debian Oval Importer	Fixing	VCID-u126-54se-mqf2	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:15:50.163832+00:00	Debian Oval Importer	Fixing	VCID-nab4-t26u-aqca	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0
2025-08-01T11:13:37.067770+00:00	Debian Oval Importer	Fixing	VCID-awpc-7dzf-fkaw	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	37.0.0